The HTTP security page has the following options:
|Use HTTPS for logins|
This setting allows you to use HTTPS only for logins, reverting to HTTP afterwards. This can be useful for general speed whilst ensuring secure login.
It is important to be cautious and remember that this setting requires HTTPS to be specifically enabled on the web server. If it is not then you could lock yourself out of the site.
If server is accepting only HTTPS connections it is recommended to enable sending of secure cookies. If enabled please make sure that web server is not accepting http:// or set up permanent redirection to https:// address. When wwwroot address does not start with https:// this setting is turned off automatically.
|Only http cookies|
Enables new PHP 5.2.0 feature. Browsers are instructed to send cookie with real http requests only, cookies should not be accessible by scripting languages. This is not supported in all browsers and it may not be fully compatible with current code. It helps to prevent some types of XSS attacks.
|Allow frame embedding|
Allow embedding of this site in frames on external sites. Enabling of this feature is not recommended for security reasons.
|Prevent password autocompletion on login form|
If enabled, users are not allowed to save their account password in their browser.
Every web server has a different method for enabling HTTPS, so you should check the documentation for your web server.