Translations:Manual:$wgForceHTTPS/7/en

In addition to setting this to true, for optimal security, the webserver should also be configured to send Strict-Transport-Security response headers.