So dont think of HTTPS as another tech update its a full-scale business refresh. Sometimes our website does not contain an e-commerce page that requires sensitive data; in that case, we can switch to the HTTP protocol. Took me an age to find this info, so reposting from acquia to here: A client of mine has numerous customers with Drupal 7 sites. All rights reserved. In HTTP, URL begins with http:// whereas URL starts with https:// HTTP uses port number 80 for communication and HTTPS uses 443 HTTP is considered to be insecure and HTTPS is secure Overviews About SECURE Benefits Enrolled States MANIPUR MEGHALAYA MIZORAM NAGALAND ODISHA PUDUCHERRY RAJASTHAN SIKKIM The SSL protocol encrypts the data which the client transmits to the server. Use Security Kit module to enable HSTS, or manually set the Strict-Transport-Security header in your webserver, and add your domain to the browser HSTS preload list, to help prevent users from accessing the site without HTTPS. No need to restart apache. This is the most common issue for novice programmers. If no SameSite attribute is set, the cookie is treated as Lax. This secure connection allows clients to safely exchange sensitive data with a server, such as when performing banking activities or online shopping. This is intended to prevent an unauthorized third party from intercepting the communication, such as by monitoring WLAN network traffic. (rewrite matching to http and non-matching to https). It uses the port no. Insert this at the top of settings.php, right after