diff --git a/README.md b/README.md
index 7a6905a..3030e0c 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,9 @@
 # redirect-https
 
-Redirect from HTTP to HTTPS
+Redirect from HTTP to HTTPS.
+
+Makes for a seemless experience to end users in browsers (defaults to `301 Permanent + Location` redirect)
+and tightens security for apis and bots, without adversely affecting strange browsers (fallback to `meta` redirect).
 
 See <https://coolaj86.com/articles/secure-your-redirects/>
 
@@ -29,6 +32,8 @@ module.exports = app;
 { port: 443           // defaults to 443
 , body: ''            // defaults to an html comment to use https
 , trustProxy: true    // useful if you haven't set this option in express
+, browsers: 301       // issue 301 redirect if the user-agent contains "Mozilla/"
+, apis: 'meta'        // issue meta redirects to non-browsers
 }
 ```
 
diff --git a/index.js b/index.js
index 73f8991..d14d583 100644
--- a/index.js
+++ b/index.js
@@ -6,9 +6,15 @@ module.exports = function (opts) {
   if (!opts) {
     opts = {};
   }
-  if (isNaN(opts.port)) {
+  if (!isFinite(opts.port)) {
     opts.port = 443;
   }
+  if (!opts.browsers) {
+    opts.browsers = 301;
+  }
+  if (!opts.apis) {
+    opts.apis = 'meta';
+  }
   if (!('body' in opts)) {
     opts.body = "<!-- Hello Developer Person! We don't serve insecure resources around here."
       + "\n    Please use HTTPS instead. -->";
@@ -25,6 +31,10 @@ module.exports = function (opts) {
     }
 
     var url = (req.originalUrl || req.url);
+    // We don't want chrome showing the "Not Secure" badge during the redirect.
+    var probablyBrowser = (0 === (req.headers['user-agent']||'').indexOf('Mozilla/'));
+    // But we don't want devs, APIs, or Bots to accidentally browse insecure.
+    var redirect = probablyBrowser ? opts.browsers : opts.apis;
     var host = req.headers.host || '';
 		if (!/:\d+/.test(host) && 443 !== opts.port) {
 			// we are using standard port 80, but we aren't using standard port 443
@@ -59,8 +69,9 @@ module.exports = function (opts) {
       + '</html>\n'
       ;
 
-    if (opts.headerRedirect) {
-      res.statusCode = opts.headerRedirect.responseCode || 302;
+    // If it's not a non-0 number (because null is 0) then 'meta' is assumed.
+    if (redirect && isFinite(redirect)) {
+      res.statusCode = redirect;
       res.setHeader('Location', newLocation);
     }
     res.setHeader('Content-Type', 'text/html; charset=utf-8');
diff --git a/package.json b/package.json
index aece0ba..6a2e708 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "redirect-https",
-  "version": "1.1.6",
+  "version": "1.2.0",
   "description": "Redirect from HTTP to HTTPS using meta redirects",
   "main": "index.js",
   "scripts": {