### Description GitLab Pages provides both HTTP and HTTPS connections (if a certificate is available), but HTTPS is not enforced. So, if you request resources via HTTP, it will stay unencrypted. ### Proposal Add an option that enforce HTTPS connections: if a connections is HTTP, and the current domain (shared or custom) has a certificate, a `301` redirect message is sent back to the client. ``` HTTP/1.1 301 Moved Permanently Location: https://<username>.gitlab.io ``` This setting is per project. ### Design proposal * Add checkbox to enable force redirect to HTTPs to Settings > Pages. * Setting is saved automatically. * This will have HTTPS only by default for all new pages, off for existing ones