diff --git a/packages/adapter-nextjs/__tests__/auth/utils/isValidOrigin.test.ts b/packages/adapter-nextjs/__tests__/auth/utils/origin.test.ts
similarity index 100%
rename from packages/adapter-nextjs/__tests__/auth/utils/isValidOrigin.test.ts
rename to packages/adapter-nextjs/__tests__/auth/utils/origin.test.ts
diff --git a/packages/adapter-nextjs/src/auth/utils/origin.ts b/packages/adapter-nextjs/src/auth/utils/origin.ts
index b05d02982c9..39813ba4388 100644
--- a/packages/adapter-nextjs/src/auth/utils/origin.ts
+++ b/packages/adapter-nextjs/src/auth/utils/origin.ts
@@ -9,6 +9,12 @@ export const isValidOrigin = (origin: string): boolean => {
 try {
 const url = new URL(origin);
+ if (url.protocol === 'http:' && url.hostname !== 'localhost') {
+ console.warn(
+ 'HTTP origin detected. This is insecure and should only be used for local development.',
+ );
+ }
+
 return (
 (url.protocol === 'http:' || url.protocol === 'https:') &&
 originRegex.test(origin)