Manual:$wgForceHTTPS

Details
If this setting true, when an insecure HTTP request is received, always redirect to HTTPS. This overrides and disables the preferhttps user preference, and it overrides  and the  hook.

 may be either https or protocol-relative. If  starts with "http://", an exception will be thrown.

If a reverse proxy or CDN is used to forward requests from HTTPS to HTTP, the request header " " should be sent to suppress the redirect.

In addition to setting this to, for optimal security, the webserver should also be configured to send HTTP Strict Transport Security (HSTS) response headers.

When  is set to false, HTTP/HTTPS preference is tracked on a per-user basis, by a combination of the   user preference,   cookie and session metadata available via   and.

Availability
This variable was added in MediaWiki 1.35.0 (608504). It was backported to 1.34 as part of the MediaWiki 1.34.3 release (612497) as well as to 1.31 as part of the MediaWiki 1.31.9 release (<tvar|2>615840</>).