> ## Documentation Index
> Fetch the complete documentation index at: https://www.aptible.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# HTTPS Redirect

<Tip> Your app can detect which protocol is being used by examining a request's `X-Forwarded-Proto` header. See [HTTP Request Headers](/core-concepts/apps/connecting-to-apps/app-endpoints/https-endpoints/http-request-headers) for more information.</Tip>

By default, [HTTP(S) Endpoints](/core-concepts/apps/connecting-to-apps/app-endpoints/https-endpoints/overview) accept traffic over both HTTP and HTTPS.

To disallow HTTP and redirect traffic to HTTPS, enable **Force SSL** on the endpoint. This is an endpoint setting configured per endpoint, so each HTTP(S) endpoint on the same app can have independent behavior.

# Force SSL in detail

Enabling Force SSL on an endpoint causes 2 things to happen:

* Your HTTP(S) Endpoints will redirect all HTTP requests to HTTPS.
* Your HTTP(S) Endpoints will set the `Strict-Transport-Security` header on responses with a max-age of 1 year.

Make sure you understand the implications of setting the `Strict-Transport-Security` header before using this feature.

In particular, by design, clients that connect to your site and receive this header will refuse to reconnect via HTTP for up to a year after they receive the `Strict-Transport-Security` header.

# Enabling Force SSL

Enable or disable Force SSL directly on each endpoint:

```shell theme={null}
# Enable
aptible endpoints:https:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --force-ssl

# Disable
aptible endpoints:https:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --no-force-ssl
```

In Terraform, set `force_ssl = true` on the `aptible_endpoint` resource. You can also toggle this in the [Aptible Dashboard](https://app.aptible.com) on the endpoint's configuration page.

<Warning>**Migrating from environment variables:** `FORCE_SSL` was previously set as an app configuration variable. Once your endpoints are configured with the desired setting, unset it from your app using `aptible config:unset`</Warning>