Express req.secure Property
What you’ll learn
- How
req.secureindicates HTTPS requests. - How proxy setup affects secure detection.
- How to enforce HTTPS using middleware.
- How to combine
req.securewith host/path values for redirects.
Usage syntax
javascript
req.secure
req.protocol === 'https'1
Redirect non-secure requests to HTTPS
javascript
app.use(function (req, res, next) {
if (!req.secure) {
return res.redirect('https://' + req.get('host') + req.originalUrl);
}
next();
});2
Expose secure flag in diagnostics endpoint
javascript
app.get('/diag', function (req, res) {
res.json({ secure: req.secure, protocol: req.protocol });
});❓ FAQ
It is a boolean indicating whether the request is using HTTPS.
req.secure is true when req.protocol equals 'https'.
Usually trust proxy is not configured, so Express cannot trust forwarded protocol info.
Use it for HTTPS-only middleware, redirect logic, and security policy checks.
Yes. A common pattern redirects non-secure requests to the HTTPS version of the same URL.
Did you know?
req.secure is a boolean helper equivalent to req.protocol === 'https'.
4 people found this page helpful
