diff --git a/docs/guides/src/main/server/hostname.adoc b/docs/guides/src/main/server/hostname.adoc index 7d0ee81f258..e45e04a039b 100644 --- a/docs/guides/src/main/server/hostname.adoc +++ b/docs/guides/src/main/server/hostname.adoc @@ -64,6 +64,17 @@ To perform this action, you can override the hostname path to use the path defin The `hostname-path` configuration takes effect when a reverse proxy is enabled. For details, see the <@links.server id="reverseproxy"/> Guide. +== Accessing Keycloak in production mode using HTTP +Keycloak follows the "secure by design" principle, so it is absolutely not recommmended to access Keycloak without proper transport encryption, as this opens up multiple attack vectors. + +Nevertheless there are environments, where Keycloak is deployed behind a proxy/load balancer that terminates TLS completely and the internal requests are done using the unencrypted HTTP protocol. + +To be able to work with Keycloak using HTTP for these environments, there is the hidden configuration option `hostname-strict-https=`. This option is set to `true` by default for the production mode, and `false` for the development mode. + +When you need to access Keycloak using HTTP in production mode, for example when you use `proxy=edge` and you want to access the administration console internally using HTTP, you have to set `hostname-strict-https=false`, otherwise a blank page will show up. + +Keep in mind the recommended approach is to always use HTTPS, and this still is true for external clients. + == Using the hostname in development mode You run Keycloak in development mode by using `start-dev`. In this mode, the hostname setting is optional.
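Review bot: the option name is shown with an empty value (`hostname-strict-https=`) in the third added paragraph; spell out the accepted values, e.g. `hostname-strict-https=<true|false>`, so the first mention matches the `hostname-strict-https=false` used two paragraphs later. Same hunk, first added paragraph: "recommmended" should be "recommended", and "Nevertheless there are environments, where Keycloak is deployed" should drop the comma. The paragraph about `proxy=edge` only names the symptom ("a blank page will show up"); since the surrounding section already links the proxy guide with `<@links.server id="reverseproxy"/>`, add the same cross-link here so readers can see how `proxy=edge` and the hostname options interact. Finally, the closing sentence should make the trade-off explicit: with `hostname-strict-https=false` the administration console and the other Keycloak endpoints are served over plain HTTP on the internal network, so the text should say that this setting is only appropriate when that internal path is otherwise protected, rather than leaving it at "the recommended approach is to always use HTTPS".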