Configuring HSTS in Cloudflare


Well, the 301 redirect already made them technically, but better put them there.



Yes I ran some test recently at, which said this was a problem, so I added the canonical header.

Actually they still say it’s a problem from an SEO perspective because the sites can still be accessed at or, so I guess that requires another piece of htaccess.



Yeah, you should rewrite all to the base, when it’s index.*.



I wanted everything going to / without the index.php afterwards. Would that be?

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(index.*)
RewriteRule ^.*$ https://%1/$1 [R=301,L]

RewriteCond %{HTTPS} off
RewriteRule (index.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


Don’t really know those rules a lot… Maybe @sdayman?



Not I. I’m not a .htaccess wizard.

The server itself should already be configured using DirectoryIndex to recognize index.php as a valid default document. Just as it does for index.html.

This might be the .htaccess approach:
DirectoryIndex index.php index.html index.htm default.html default.htm home.html

You shouldn’t need that HTTPS off Condition if you’re already forcing HTTPS and you’ve properly configured to handle index.php, as I just described.

1 Like


This is really all about Google and simply telling them which version of the site you want them to see. In effect it’s just an extension of eliminating http and www etc, which dilutes your SEO. Google are actually bringing out a change next month as described here, so this may not be necessary to change in future.

With the existing htaccess, that is something I’ve been using for a couple of years now and seemed to be the only way of reliably pushing everything towards https. You make a good point though that it may not be required if I have enabled HSTS.

1 Like

closed #48

This topic was automatically closed after 30 days. New replies are no longer allowed.