You may want to enable HSTS (HTTP Strict Transport Security) headers for your redirects to improve security.
If enabled, we will send the Strict-Transport-Security header on your redirects. The default header, if enabled, is:
Strict-Transport-Security: max-age=31536000; preload
If HSTS is enabled, we will also automatically upgrade your request to HTTPS first before executing the redirect itself. This improves security by keeping the HTTPS upgrade on the same hostname.
When enabling HSTS, you may define your own max age, include subdomains & preload parameters. By using the max-age field, you can phase in HSTS over your domains in a safer way.
HSTS can be enabled at the team level to set it for all domains.
Or you can overrule the team default setting for a specific domain.
We only recommend enabling this if you know what implications it has for your domain.
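Why the same-hostname HTTPS upgrade described above matters, as an added example (not this service's own code): browsers only honor Strict-Transport-Security when it arrives over HTTPS, and the policy binds to the host that sent it. The hostnames `old.example` and `new.example`, the function names and both sample chains are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:
            return None  # a repeated directive makes the header invalid
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not (arg.isascii() and arg.isdigit()):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None  # max-age is required

def hsts_host(hops):
    """Return (host, policy) a browser would pin for the redirecting domain, else None.

    hops: list of (request_url, response_headers) in the order they were fetched.
    """
    first = urlsplit(hops[0][0])
    for url, headers in hops:
        u = urlsplit(url)
        value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        # HSTS received over plain HTTP is ignored; the policy binds to the sending host.
        if u.scheme == "https" and u.hostname == first.hostname and value:
            policy = parse_hsts(value)
            if policy and policy["max_age"] > 0:
                return u.hostname, policy
    return None

# Constructed chain: HTTP request, same-host HTTPS upgrade, then the redirect itself.
SAMPLE = [
    ("http://old.example/page", {"Location": "https://old.example/page"}),
    ("https://old.example/page", {"Location": "https://new.example/",
                                   "Strict-Transport-Security": "max-age=31536000; preload"}),
]
# Constructed counter-example: a direct cross-host redirect never pins old.example.
DIRECT = [("http://old.example/page", {"Location": "https://new.example/",
                                        "Strict-Transport-Security": "max-age=31536000; preload"})]
```

`hsts_host(SAMPLE)` reports a policy for `old.example`, while `hsts_host(DIRECT)` returns `None` because the header was only ever delivered over plain HTTP.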