diff --git a/http.go b/http.go
index 2cee227b..0c84fb4b 100644
--- a/http.go
+++ b/http.go
@@ -152,3 +152,13 @@ func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
 	tc.SetKeepAlivePeriod(3 * time.Minute)
 	return tc, nil
 }
+
+func redirectToHTTPS(opts *Options, h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if opts.ForceHTTPS {
+			http.Redirect(w, r, opts.HTTPSAddress, http.StatusPermanentRedirect)
+		}
+
+		h.ServeHTTP(w, r)
+	})
+}
diff --git a/main.go b/main.go
index 5baa8cd2..fb859064 100644
--- a/main.go
+++ b/main.go
@@ -186,9 +186,9 @@ func main() {
 
 	var handler http.Handler
 	if opts.GCPHealthChecks {
-		handler = gcpHealthcheck(LoggingHandler(oauthproxy))
+		handler = redirectToHTTPS(opts, gcpHealthcheck(LoggingHandler(oauthproxy)))
 	} else {
-		handler = LoggingHandler(oauthproxy)
+		handler = redirectToHTTPS(opts, LoggingHandler(oauthproxy))
 	}
 	s := &Server{
 		Handler: handler,