|Site customization: $wgForceHTTPS|
|Redirect insecure HTTP requests to HTTPS.
|Introduced in version:||1.34.3 (Gerrit change 608504; )|
|Removed in version:||still in use|
|Other settings: Alphabetical | By function|
If this setting true, when an insecure HTTP request is received, always redirect to HTTPS. This overrides and disables the preferhttps user preference, and it overrides $wgSecureLogin and the CanIPUseHTTPS hook.
If a reverse proxy or CDN is used to forward requests from HTTPS to HTTP, the request header "X-Forwarded-Proto: https" should be sent to suppress the redirect.
In addition to setting this to true, for optimal security, the webserver should also be configured to send Strict-Transport-Security response headers.
This variable was added in MediaWiki 1.35.0 (gerrit:608504).
It was backported to 1.34 as part of the MediaWiki 1.34.3 release (gerrit:612497).
It was also backported to 1.31 as part of the MediaWiki 1.31.9 release (gerrit:615840).