diff --git a/CHANGES.md b/CHANGES.md
index 84f54727ac..9f6cebb647 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,7 @@
 ## Features
 - New route in Locale API to fetch a list of languages
+- Added option to force HTTPS connection to the Appwrite server (_APP_OPTIONS_FORCE_HTTPS)
 - Added Google Fonts to Appwrite for offline availability
 ## Bug Fixes
diff --git a/Dockerfile b/Dockerfile
index fe84acfe6b..efd1344c5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,6 +51,7 @@ ENV TZ=Asia/Tel_Aviv \
 _APP_HOME=https://appwrite.io \
 _APP_EDITION=community \
 _APP_OPTIONS_ABUSE=enabled \
+ _APP_OPTIONS_FORCE_HTTPS=disabled \
 _APP_OPENSSL_KEY_V1=your-secret-key \
 _APP_STORAGE_LIMIT=104857600 \
 _APP_STORAGE_ANTIVIRUS=enabled \
diff --git a/app/app.php b/app/app.php
index b49154c81a..ed8c30f93f 100644
--- a/app/app.php
+++ b/app/app.php
@@ -82,6 +82,14 @@ $utopia->init(function () use ($utopia, $request, $response, &$user, $project, $
 * As recommended at:
 * @see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 */
+ if ($request->getServer('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
+ if(Config::getParam('protocol') !== 'https') {
+ return $response->redirect('https://' . Config::getParam('domain').$request->getServer('REQUEST_URI'));
+ }
+
+ $response->addHeader('Strict-Transport-Security', 'max-age='.(60 * 60 * 24 * 126)); // 126 days
+ }
+
 $response
 ->addHeader('Server', 'Appwrite')
 ->addHeader('X-XSS-Protection', '1; mode=block; report=/v1/xss?url='.urlencode($request->getServer('REQUEST_URI')))
diff --git a/docker-compose.yml b/docker-compose.yml
index 891346152e..58c374a981 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -66,6 +66,7 @@ services:
 #- _APP_ENV=production
 - _APP_ENV=development
 - _APP_OPTIONS_ABUSE=disabled
+ - _APP_OPTIONS_FORCE_HTTPS=disabled
 - _APP_OPENSSL_KEY_V1=your-secret-key
 - _APP_DOMAIN=demo.appwrite.io
 - _APP_DOMAIN_TARGET=demo.appwrite.io
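Review bot: The HTTP-to-HTTPS redirect on the `return $response->redirect('https://' . Config::getParam('domain').$request->getServer('REQUEST_URI'));` line in app/app.php is applied to every request, including the API's POST/PUT/DELETE calls; a redirect on those makes clients resend as GET or drop the body, and any credential sent over plaintext has already left the client before the redirect is issued. For an API, answering plaintext requests with an error rather than a redirect (or redirecting only GET/HEAD and rejecting the rest) is the safer shape; at minimum add a comment on that line such as `// Redirect only helps browsers; API clients must be configured for https up front`. It is also worth confirming that a `return` from this init hook actually ends the request — if the framework keeps dispatching after the Location header is set, the route still executes over HTTP. The `Strict-Transport-Security` max-age of 126 days is shorter than the commonly recommended one year; if that value is deliberate, name the constant rather than relying on the `// 126 days` comment. The `init` callback this code sits in starts and ends outside the hunk.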
diff --git a/docs/tutorials/environment-variables.md b/docs/tutorials/environment-variables.md
index 712c1f1e0f..a44e977857 100644
--- a/docs/tutorials/environment-variables.md
+++ b/docs/tutorials/environment-variables.md
@@ -10,7 +10,11 @@ Set your server running environment. By default, the var is set to 'development'
 ### _APP_OPTIONS_ABUSE
-Allows you to disable abuse checks and API rate limiting. By default, set to 'enabled'. To cancel the abuse checking, set to 'disabled'. It is not recommended to disable this check-in a production environment.
+Allows you to disable abuse checks and API rate limiting. By default, set to 'enabled'. To cancel the abuse checking, set to 'disabled'. It is not recommended to disable this feature in a production environment.
+
+ ### _APP_OPTIONS_FORCE_HTTPS
+
+ Allows you to force HTTPS connection to your API. This feature redirects any HTTP call to HTTPS and adds the 'Strict-Transport-Security' header to all HTTP responses. By default, set to 'disabled'. To enable, set to 'enabled'. This feature will work only when your ports are set to default 80 and 443.
 ### _APP_OPENSSL_KEY_V1