The proper way to redirect to https

The PHP redirection

With PHP you can redirect visitors to the https version of a website with the next code:

header('Location: https://your_domain.com');

The problem with this is that there can be more PHP code before this and it could have already started to print something in the screen. In this case, you could have the error PHP Error: Headers already sent

The Javascript redirection

With Javascript, the redirection goes like this:

window.location('https://your_domain.com');

The problem here is that the PHP code has already run and some other javascript could have been also executed before the redirection. As an example, in case we are tracking visitors with Google Analytics JS code or even saving records through PHP, we will have duplicated registries for each visit.

The HTML redirection

While this is not widely used, this is the code:

<meta http-equiv="refresh" content="0; url=https://your_domain.com"/>

Same problem than the javascript redirection. PHP code has already run and some Javascript could too. Another problem with this technique and the above one is that the website starts loading on the http version and then the redirection takes place. It cosumes twice bandwidth by processing double requests on the server as loading content twice to the visitor.

The Apache .htaccess redirection (the proper way)

This is the proper way to redirect to https, by adding the next code in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

.htaccess rules run before anything gets processed on the server side (even before PHP) so this will give a clean and fast redirection without any issue. Once the redirection is done, PHP starts running and printing code on the screen and later HTML and Javascript gets processed on the browser.