Rack::SSL Force SSL/TLS in your app. Redirects all "http" requests to "https" Set Strict-Transport-Security header Flag all cookies as "secure" (this can be disabled by setting :flag_cookies_as_secure => false in the options hash) Usage use Rack::SSL