diff --git a/data/etc/apache2/sites-available/plinth-ssl.conf b/data/etc/apache2/sites-available/plinth-ssl.conf
index 267289dac..a7831936c 100644
--- a/data/etc/apache2/sites-available/plinth-ssl.conf
+++ b/data/etc/apache2/sites-available/plinth-ssl.conf
@@ -1,5 +1,8 @@
 ##
-## When enabled allows only SSL traffic onto Plinth
+## When enabled allows only SSL traffic onto Plinth. This is done by
+## redirecting non-secure traffic to secure traffic. The redirect is
+## permanent as recommended in:
+## http://tools.ietf.org/html/rfc6797#section-7
 ##
 ## Requires the following Apache modules to be enabled:
 ## mod_rewrite
@@ -8,5 +11,5 @@
 RewriteEngine on
 ReWriteCond %{HTTPS} !=on
- RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
+ RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
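Review bot: The new header comment cites RFC 6797 section 7, but the second hunk implements only the redirect half of it (`[R=301,L]`); no `Strict-Transport-Security` response header is set in the visible lines, so confirm it is sent on the HTTPS side, because the redirect alone still leaves each plain-HTTP request exposed before it is upgraded. Two consequences of the permanent status belong in the comment block: clients cache a 301, so disabling this site later does not revert the redirect for browsers that already received it, and the target is built from `%{HTTP_HOST}`, which is taken from the request's Host header, so a cached redirect carries whatever host name that request supplied. I would add `## Note: 301 responses are cached by clients; disabling this site does not revert them.` after the RFC link. The second hunk header counts five lines but only three are visible here, so the directive that encloses the rewrite rules is not shown.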