Express req.secure Property

Beginner
⏱️ 7 min read
📚 Updated: May 2026
🎯 3 Code Examples

What you’ll learn

  • How req.secure indicates HTTPS requests.
  • How proxy setup affects secure detection.
  • How to enforce HTTPS using middleware.
  • How to combine req.secure with host/path values for redirects.

Usage syntax

javascript
req.secure
req.protocol === 'https'
1

Redirect non-secure requests to HTTPS

javascript
app.use(function (req, res, next) {
  if (!req.secure) {
    return res.redirect('https://' + req.get('host') + req.originalUrl);
  }
  next();
});
2

Expose secure flag in diagnostics endpoint

javascript
app.get('/diag', function (req, res) {
  res.json({ secure: req.secure, protocol: req.protocol });
});

❓ FAQ

It is a boolean indicating whether the request is using HTTPS.
req.secure is true when req.protocol equals 'https'.
Usually trust proxy is not configured, so Express cannot trust forwarded protocol info.
Use it for HTTPS-only middleware, redirect logic, and security policy checks.
Yes. A common pattern redirects non-secure requests to the HTTPS version of the same URL.
Did you know?

req.secure is a boolean helper equivalent to req.protocol === 'https'.

About the author

Mari Selvan M P
Mari Selvan M P 🔗

Developer, cloud engineer, and technical writer

  • Experience 12 years building web and cloud systems
  • Focus Full Stack Development, AWS, and Developer Education

I write practical tutorials so students and working developers can learn by doing—from databases and APIs to deployment on AWS.

4 people found this page helpful