I'm reading over this page and it says that if a site is SSL and the user tries to access it via regular http, the application should not redirect the user to https. It sho
It's a perfectly acceptable "bootstrap" method - 301 redirect from HTTP to HTTPS then on the HTTPS side return a Strict-Transport-Security header in order to lock the browser into HTTPS.
It would be a major usability issue to block HTTP entirely, as web browsers will attempt the HTTP protocol when a URL is entered without a protocol designator, unless the browser supports HSTS and an HSTS token is found in either the browser cache or the preload list.
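Added example, not part of the original answer: a small Python check that a captured pair of responses implements the bootstrap described above (301 on HTTP, Strict-Transport-Security on HTTPS). The host name, the sample responses and the function names are constructed for illustration, and the check assumes the redirect stays on the same host.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict of directives."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"')
    return directives

def check_bootstrap(host, http_resp, https_resp):
    """Return a list of findings for the HTTP -> HTTPS + HSTS bootstrap.

    http_resp / https_resp are (status, headers) tuples with lower-case
    header names, as captured from the plain and TLS listeners.
    """
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status != 301:
        findings.append("HTTP listener does not answer with a 301 redirect")
    elif target.scheme != "https" or target.hostname != host:
        # Assumption of this example: the redirect stays on the same host.
        findings.append("301 does not point to https:// on the same host")
    if "strict-transport-security" in headers:
        # Browsers ignore HSTS received over plain HTTP (RFC 6797).
        findings.append("HSTS header sent over HTTP has no effect")

    _, tls_headers = https_resp
    hsts = tls_headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HTTPS response lacks Strict-Transport-Security")
    else:
        max_age = parse_hsts(hsts).get("max-age", "")
        if not max_age.isdigit():
            findings.append("HSTS header has no valid max-age")
        elif int(max_age) == 0:
            findings.append("max-age=0 tells the browser to drop the HSTS entry")
    return findings

# Constructed sample responses for the hypothetical host www.example.com.
GOOD_HTTP = (301, {"location": "https://www.example.com/login"})
GOOD_HTTPS = (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"})
BAD_HTTP = (302, {"location": "http://www.example.com/login"})
BAD_HTTPS = (200, {"strict-transport-security": "max-age=0"})

if __name__ == "__main__":
    print(check_bootstrap("www.example.com", GOOD_HTTP, GOOD_HTTPS))
    print(check_bootstrap("www.example.com", BAD_HTTP, BAD_HTTPS))
```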