Today I added this to the .htaccess files on my sites ( nella.org and blog.nella.org) in order to make them HTTPS only:

Header set Strict-Transport-Security "max-age=31536000"

You should too!