In AEM 6.0 SP2, there is a new version of the “Apache Felix Http SSL Filter” bundle.
Unfortunately, it has a different package name than the one included in AEM 6.0, which means that both versions of the SSL Filter are active.
When both filters are active, the second filter no longer knows whether the request was originally sent over https or http.
Therefore the SlingHttpServletRequest.isSecure() method will always return “false”.
This is fixed when the old version (0.0.1.R1394715) of the filter is disabled. One way to do this permanently is to use the AEM Commons OSGi disabler.
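To confirm whether an instance is in the state described above, the bundle list can be checked for more than one active SSL filter. The following is an added example, not code from the original post or from AEM: it assumes the bundle list is available as JSON in the layout of the Felix web console's `/system/console/bundles.json`, and the symbolic names and the newer version string in the sample are constructed placeholders.

```python
import json

# Constructed sample in the assumed shape of /system/console/bundles.json.
# Symbolic names and the newer version are placeholders, not real values.
SAMPLE_BUNDLES_JSON = """
{
  "status": "Bundle information: 3 bundles in total.",
  "data": [
    {"id": 41, "name": "Apache Felix Http SSL Filter",
     "symbolicName": "placeholder.sslfilter.old",
     "version": "0.0.1.R1394715", "state": "Active"},
    {"id": 412, "name": "Apache Felix Http SSL Filter",
     "symbolicName": "placeholder.sslfilter.new",
     "version": "NEW-VERSION-PLACEHOLDER", "state": "Active"},
    {"id": 77, "name": "Apache Sling API",
     "symbolicName": "placeholder.sling.api",
     "version": "0.0.0-PLACEHOLDER", "state": "Active"}
  ]
}
"""

FILTER_NAME = "Apache Felix Http SSL Filter"
OLD_VERSION = "0.0.1.R1394715"  # the version the page says to disable


def active_ssl_filters(bundles_json: str) -> list[dict]:
    """Return every active bundle whose display name is the SSL filter."""
    data = json.loads(bundles_json).get("data", [])
    return [b for b in data
            if b.get("name") == FILTER_NAME and b.get("state") == "Active"]


def check(bundles_json: str) -> tuple[bool, list[str]]:
    """ok is False when more than one SSL filter is active at once."""
    active = active_ssl_filters(bundles_json)
    findings = []
    if len(active) > 1:
        for b in active:
            tag = "disable this one" if b.get("version") == OLD_VERSION else "keep"
            findings.append(f'{b["symbolicName"]} {b["version"]}: {tag}')
    return len(active) <= 1, findings


if __name__ == "__main__":
    ok, findings = check(SAMPLE_BUNDLES_JSON)
    print("OK" if ok else "Duplicate SSL filters active:")
    for line in findings:
        print("  " + line)
```

Running the same check after the old bundle has been disabled should report a single active filter, which is the state in which `isSecure()` reflects the original scheme again.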