diff --git a/docs/guide/security-best-practices.md b/docs/guide/security-best-practices.md index abdaa86dbb..3067c00d70 100644 --- a/docs/guide/security-best-practices.md +++ b/docs/guide/security-best-practices.md @@ -170,3 +170,17 @@ simply rewrite code with what's generated by Gii. Debug toolbar should be avoided at production unless really necessary. It exposes all the application and config details possible. If you absolutely need it check twice that access is properly restricted to your IP only. + +Using secure connection over TLS +-------------------------------- + +Yii provides features that rely on cookies and/or PHP sessions. These can be vulnerable in case your connection is +compromised. The vulnerability is reduced if the app uses secure connection via TLS. + +Please refer to your webserver documentation for instructions on how to configure it. You may also check example configs +provided by H5BP project: + +- [Nginx](https://github.com/h5bp/server-configs-nginx) +- [Apache](https://github.com/h5bp/server-configs-apache). +- [IIS](https://github.com/h5bp/server-configs-iis). +- [Lighttpd](https://github.com/h5bp/server-configs-lighttpd).
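Review bot: The new section stops short of the step that actually makes TLS protect session and cookie data, so the text in this hunk (`+The vulnerability is reduced if the app uses secure connection via TLS.`) should also tell readers to mark cookies as secure-only and to redirect plain HTTP to HTTPS on the server; with TLS enabled but cookies not flagged secure, a browser still sends the session cookie in clear text on any http:// request to the site, so the "compromised connection" risk described above remains. Suggest one added sentence along the lines of "Serving the site over TLS is only effective if cookies are restricted to secure connections and plain HTTP requests are redirected to HTTPS." Minor style points in the same hunk: the list is punctuated inconsistently (`+- [Nginx](https://github.com/h5bp/server-configs-nginx)` has no trailing period while the Apache, IIS and Lighttpd items do), the heading should read "Using a secure connection over TLS", and "in case your connection is compromised" would be clearer as "if the connection is not encrypted".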