# HTTP All HTTP based communication should be protected [using TLS](../../features/exploits/http.html#http). Below you can find details around WebFlux specific features that assist with HTTPS usage. ## Redirect to HTTPS If a client makes a request using HTTP rather than HTTPS, Spring Security can be configured to redirect to HTTPS. For example, the following Java configuration will redirect any HTTP requests to HTTPS: Example 1. Redirect to HTTPS Java ``` @Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { http // ... .redirectToHttps(withDefaults()); return http.build(); } ``` Kotlin ``` @Bean fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { return http { // ... redirectToHttps { } } } ``` The configuration can easily be wrapped around an if statement to only be turned on in production. Alternatively, it can be enabled by looking for a property about the request that only happens in production. For example, if the production environment adds a header named `X-Forwarded-Proto` the following Java Configuration could be used: Example 2. Redirect to HTTPS when X-Forwarded Java ``` @Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { http // ... .redirectToHttps(redirect -> redirect .httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto")) ); return http.build(); } ``` Kotlin ``` @Bean fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { return http { // ... redirectToHttps { httpsRedirectWhen { it.request.headers.containsKey("X-Forwarded-Proto") } } } } ``` ## Strict Transport Security Spring Security provides support for [Strict Transport Security](../../servlet/exploits/headers.html#servlet-headers-hsts) and enables it by default. ## Proxy Server Configuration Spring Security [integrates with proxy servers](../../features/exploits/http.html#http-proxy-server).