diff --git a/app.js b/app.js
index abaf3369..b7868f56 100644
--- a/app.js
+++ b/app.js
@@ -33,8 +33,26 @@ Object.keys(settings.blockchain_specific).forEach(function(key, index, map) {
 });
 }
 });
+
 // whitelist the cmds in the nodeapi access list
 nodeapi.setAccess('only', apiAccessList);
+
+// determine if http traffic should be forwarded to https
+if (settings.webserver.tls.enabled == true && settings.webserver.tls.always_redirect == true) {
+ app.use(function(req, res, next) {
+ if (req.secure) {
+ // continue without redirecting
+ next();
+ } else {
+ // add webserver port to the host value if it does not already exist
+ const host = req.headers.host + (req.headers.host.indexOf(':') > -1 ? '' : ':' + settings.webserver.port.toString());
+
+ // redirect to the correct https page
+ res.redirect(301, 'https://' + host.replace(':' + settings.webserver.port.toString(), (settings.webserver.tls.port != 443 ? ':' + settings.webserver.tls.port.toString() : '')) + req.url);
+ }
+ });
+}
+
 // determine if cors should be enabled
 if (settings.webserver.cors.enabled == true) {
 app.use(function(req, res, next) {
@@ -44,6 +62,7 @@ if (settings.webserver.cors.enabled == true) {
 next();
 });
 }
+
 // view engine setup
 app.set('views', path.join(__dirname, 'views'));
 app.set('view engine', 'pug');
diff --git a/lib/settings.js b/lib/settings.js
index 4f5d35c5..0aa69ed0 100644
--- a/lib/settings.js
+++ b/lib/settings.js
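Review bot: The new redirect middleware in app.js builds the Location header from `req.headers.host`, which is client-supplied, so the 301 points at whatever host name the request carried, and a 301 is cacheable by browsers and intermediaries. A request without a Host header also makes `req.headers.host.indexOf` throw instead of producing a clean error response. I would add `if (!req.headers.host) return res.status(400).end();` at the top of the else branch and compare the host name with the site's configured domain before redirecting; no such setting is visible in this diff, so that check needs a config value to compare against. Separately, `req.secure` follows Express's `trust proxy` setting when TLS terminates at a reverse proxy, which deserves a comment above `if (req.secure)` because a misconfigured proxy setup would redirect in a loop.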
@@ -48,6 +48,10 @@ exports.webserver = {
 // port: Port # to configure the express webserver to listen for https requests on
 // NOTE: Be sure to configure firewalls to allow traffic through this port or the explorer website may not be accessible remotely
 "port": 443,
+ // always_redirect: Force all explorer traffic to use https
+ // If set to true, all http web requests will automatically be forwarded to https
+ // If set to false, the webserver will allow both http and https traffic
+ "always_redirect": false,
 // cert_file: The absolute or relative path to the tls certificate file. Typically this file will be generated from certbot (read more: https://certbot.eff.org)
 "cert_file": "/etc/letsencrypt/live/domain-name-here/cert.pem",
 // chain_file: The absolute or relative path to the tls chain file. Typically this file will be generated from certbot (read more: https://certbot.eff.org)
diff --git a/settings.json.template b/settings.json.template
index dbfa06bc..814e9eac 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -47,6 +47,10 @@
 // port: Port # to configure the express webserver to listen for https requests on
 // NOTE: Be sure to configure firewalls to allow traffic through this port or the explorer website may not be accessible remotely
 "port": 443,
+ // always_redirect: Force all explorer traffic to use https
+ // If set to true, all http web requests will automatically be forwarded to https
+ // If set to false, the webserver will allow both http and https traffic
+ "always_redirect": true,
 // cert_file: The absolute or relative path to the tls certificate file. Typically this file will be generated from certbot (read more: https://certbot.eff.org)
 "cert_file": "/etc/letsencrypt/live/domain-name-here/cert.pem",
 // chain_file: The absolute or relative path to the tls chain file. Typically this file will be generated from certbot (read more: https://certbot.eff.org)
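Review bot: The `always_redirect` comment in lib/settings.js leaves out two things the app.js change in this commit makes true: the option has no effect unless tls `enabled` is also true, and the redirect is sent as a 301, which browsers cache, so setting it back to false does not immediately undo it for returning visitors. I would add a line such as `// NOTE: Only applies when tls is enabled; the redirect is permanent (301) and may be cached by browsers`, and the same line in the settings.json.template hunk. The in-code default here is false while the template ships true; if that split is deliberate (existing installs keep serving http, new installs default to https), a short comment saying so would prevent it from looking like an oversight.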