diff --git a/_headers b/_headers
index 666fd199..b57c1c16 100644
--- a/_headers
+++ b/_headers
@@ -1,2 +1,5 @@
 /* 
   Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+  X-Forwarded-Proto: https  
+  X-Content-Type-Options: nosniff  
+  Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
diff --git a/_redirects b/_redirects
new file mode 100644
index 00000000..e6721d82
--- /dev/null
+++ b/_redirects
@@ -0,0 +1 @@
+http://*  https://:splat  301
\ No newline at end of file
diff --git a/netlify.toml b/netlify.toml
index 46b863c0..508e1cbb 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -4,4 +4,10 @@
     Strict-Transport-Security = '''
     max-age=63072000;
     includeSubDomains;
-    preload'''
\ No newline at end of file
+    preload'''
+
+[[redirects]]
+  from = "http://*"
+  to = "https://:splat"
+  status = 301
+  force = true
\ No newline at end of file