diff --git a/packages/play-node-go/public/index.html b/packages/play-node-go/public/index.html
index 888caba..b8ee387 100644
--- a/packages/play-node-go/public/index.html
+++ b/packages/play-node-go/public/index.html
@@ -1,11 +1,6 @@
 <!DOCTYPE html>
 <html lang="en">
   <head>
-    <script>
-      if (window.location.protocol === 'http:') {
-        window.location.protocol === 'https:';
-      }
-    </script>
     <meta charset="utf-8" />
     <link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
diff --git a/packages/server/server.js b/packages/server/server.js
index 0a85883..c623cbf 100644
--- a/packages/server/server.js
+++ b/packages/server/server.js
@@ -1,21 +1,21 @@
-const createError = require('http-errors');
-const express = require('express');
+const createError = require("http-errors");
+const express = require("express");
 
-const cors = require('cors');
+const cors = require("cors");
 
-const path = require('path');
-const cookieParser = require('cookie-parser');
-const logger = require('morgan');
+const path = require("path");
+const cookieParser = require("cookie-parser");
+const logger = require("morgan");
 
-const db = require('./data/db');
+const db = require("./data/db");
 
-const dotenv = require('dotenv');
+const dotenv = require("dotenv");
 dotenv.config();
 
-const indexRouter = require('./routes/index');
-const usersRouter = require('./routes/users');
-const authRouter = require('./routes/auth');
-const apiRouter = require('./routes/api');
+const indexRouter = require("./routes/index");
+const usersRouter = require("./routes/users");
+const authRouter = require("./routes/auth");
+const apiRouter = require("./routes/api");
 
 const app = express();
 
@@ -23,40 +23,47 @@ const allowedOrigin = process.env.REACT_ADDRESS;
 const corsOptions = {
   origin: allowedOrigin,
   credentials: true,
-  methods: "GET,PUT,POST,DELETE"
-}
+  methods: "GET,PUT,POST,DELETE",
+};
 
-app.options('*', cors(corsOptions));
-app.use('*', cors(corsOptions));
+app.options("*", cors(corsOptions));
+app.use("*", cors(corsOptions));
 
 // disable logging for tests
-if (process.env.NODE_ENV !== 'test') app.use(logger('dev'));
+if (process.env.NODE_ENV !== "test") app.use(logger("dev"));
 
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
 app.use(cookieParser());
-app.use(express.static(path.join(__dirname, 'public')));
+app.use(express.static(path.join(__dirname, "public")));
 
-app.use('/', indexRouter);
-app.use('/users', usersRouter);
-app.use('/auth', authRouter);
+// HTTP redirect to HTTPS
+app.use("/", (req, res, next) => {
+  if (req.protocol === "http") {
+    return res.redirect(`https://${req.hostname}`);
+  }
+  return next();
+});
+app.use("/", indexRouter);
+app.use("/users", usersRouter);
+app.use("/auth", authRouter);
 // @auth
-app.use('/api/v1', apiRouter);
+app.use("/api/v1", apiRouter);
 
 // catch 404 and forward to error handler
-app.use(function(req, res, next) {
+app.use(function (req, res, next) {
   next(createError(404));
 });
 
 // error handler
-app.use(function(err, req, res, next) {
+app.use(function (err, req, res, next) {
   // set locals, only providing error in development
   res.locals.message = err.message;
-  res.locals.error = req.app.get('env') === 'development' ? err : {};
+  res.locals.error = req.app.get("env") === "development" ? err : {};
 
   // render the error page
   res.status(err.status || 500);
-  res.send('error');
+  res.send("error");
 });
 
 module.exports = app;