This is a continuation to the previous article on Enforcing HTTPS.

While redirecting all non-secure requests to secure URLs is good, 
a man-in-the-middle can still hijack the connection before the 
redirect. And if the user types the address as company.com in 
the address bar, it will access the site insecurely every single 
time.