Title: HTTP:X-Forwarded-Proto
Last modified: January 19, 2023

---

# HTTP:X-Forwarded-Proto

 *  Resolved [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/)
 * (@masouddarvishi1992)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/)
 * Hello. Please do not use this method! My site gets a 404 error.
 * I have to use the code below to fix the problem, but again your plugin replaces
   the code above!
 * Why do you do this?
 *     ```wp-block-code
       <IfModule mod_rewrite.c>
       RewriteEngine on
       RewriteCond %{HTTP:X-Forwarded-Proto} !https
       RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
       RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
       </IfModule>
       ```
   
 * true code:
 *     ```wp-block-code
       <IfModule mod_rewrite.c>
       RewriteEngine on
       RewriteCond %{HTTPS} !=on [NC]
       RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
       RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
       </IfModule>
       ```
   

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16389894)
 * As there are many types of hosting setups, all requiring different .htaccess 
   redirects, the plugin tries to detect the redirect that is required for your 
   setup by loading the following page:
 * [https://yourdomain.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php](https://yourdomain.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php)
 * If you load that page for your domain, you will probably see #LOADBALANCER
 * This means the $_SERVER[‘HTTP_X_FORWARDED_PROTO’] is set, and contains ‘https’.
   Based on the experience in the past 7 years, this normally means that the .htaccess
   redirect that goes with this server variable is
 * RewriteCond %{HTTP:X-Forwarded-Proto} !https
 * As also explained here [https://really-simple-ssl.com/manually-insert-htaccess-redirect-http-to-https/](https://really-simple-ssl.com/manually-insert-htaccess-redirect-http-to-https/)
 * The redirect you are using is configured by Really Simple SSL if $_SERVER[‘HTTPS’]
   = ‘on’, and is actually the default in Really Simple SSL, as it is used by most
   hosters. Apparently this server variable is not available on your site, but the.
   htaccess does work with this redirect type. Which seems odd.
 * As your site has a non-standard configuration , you can simply set the redirect
   type to ‘php redirect’, and add your own .htaccess redirect.
 * If you can share your hosting environment, we can test with that specific environment,
   and see if we can detect this configuration out of the box.
 * If we know your hosting company we can contact them and check what they do that’s
   different from most other sites.
    -  This reply was modified 3 years, 4 months ago by [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/).
 *  Thread Starter [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/)
 * (@masouddarvishi1992)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16390496)
 * [@rogierlankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * I did the test you said and it returns this information:
 * **#SSL TEST PAGE#**
 * This page is used purely to test for SSL availability.#SERVER-HTTPS-ON# (on)
   #
   SERVERPORT443##LOADBALANCER#
 * #SUCCESSFULLY DETECTED SSL#
 * AND
 * Based on this explanation:
 * [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto)
 * I need to use a load balancer to use this header (X-Forwarded-Proto)! But your
   plugin automatically uses this header without considering this issue and causes
   this problem.
    -  This reply was modified 3 years, 4 months ago by [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/).
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16390653)
 * [@masouddarvishi1992](https://wordpress.org/support/users/masouddarvishi1992/)
   your input as a contributor of the free open source plugin is very much appreciated.
 * The reason the X-Forwarded proto takes precedence over the https=on variant is
   that on most systems where the x-forwarded-proto is used, the https=on isn’t 
   there, and causes a failure when used. This priority structure has been in place
   for years, and has rarely caused issues among our 5.5 million websites.
 * There is a built in check which checks if the selected .htaccess rule works. 
   The plugin does this by loading a test page with a redirect to https. The url
   of this page is (with http):
    [http://yourdomain.com/wp-content/plugins/really-simple-ssl/testssl/loadbalancer/ssl-test-page.html](http://yourdomain.com/wp-content/plugins/really-simple-ssl/testssl/loadbalancer/ssl-test-page.html)
 * If this page returns successfully, the plugin assumes the redirect works as expected.
 * I’m curious if this page loads successfully on your end. The fact that the plugin
   writes the rule suggests it can load this page without issues, and the redirect
   works at that point.
 * As the plugin is used by so many websites we can’t just make changes for one 
   specific configuration, we have to make changes very carefully.
 *  Thread Starter [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/)
 * (@masouddarvishi1992)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16390696)
 * [@rogierlankhorst](https://wordpress.org/support/users/rogierlankhorst/) I did
   your test and everything seems fine.
 * [wp-content/plugins/really-simple-ssl/testssl/loadbalancer/ssl-test-page.html](http://yourdomain.com/wp-content/plugins/really-simple-ssl/testssl/loadbalancer/ssl-test-page.html)
 * Result:
 * This page is for testing SSL functionality. #SSL TEST PAGE#
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16390812)
 * Ok, so the htaccess redirect seems to work on that page, which explains why the
   redirect is added.
 * What is strange, is why it works here, but not on the front-end.
 *  Thread Starter [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/)
 * (@masouddarvishi1992)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16395159)
 * [@rogierlankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * I disabled the plugin and re-enabled it. But this time, it didn’t add the X-Forwarded-
   Proto header!
 * Before this topic, your plugin did not add this header, but by activating the
   option to **remove unused css of wp rocket plugin**, this header was automatically
   added.
 * Of course, i not sure about this. But there may be an conflict.
    -  This reply was modified 3 years, 4 months ago by [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/).
    -  This reply was modified 3 years, 4 months ago by [themefour wp](https://wordpress.org/support/users/masouddarvishi1992/).
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16395433)
 * Ok, thanks for your detailed report. We will test specifically with WP Rocket
   to see if we can reproduce this.
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16430567)
 * [@masouddarvishi1992](https://wordpress.org/support/users/masouddarvishi1992/)
   at this point we can’t consistently reproduce an issue with WP Rocket. We know
   that there are several hosting configurations which can be different from hosting
   company to hosting company. It is difficult to make any changes in these rules,
   as it might affect millions of websites, and we cannot reliably test this: there
   can always be a hosting company that is configured different than the range of
   configurations that we test.
 * For now, I have implemented a more highlighted warning about the .htaccess setting.
   It is always advisable to have FTP access at hand in case the site reacts in 
   an unexpected way.
 * If hosting companies are willing to cooperate, we an insert dedicated rules for
   recognised hosting environments. That would be the most foolproof method I think,
   but requires the cooperation of hosting companies.
 * As there is no immediate fix possible, I’ll close this thread for now.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘HTTP:X-Forwarded-Proto’ is closed to new replies.

 * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720)
 * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/)
 * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/)

 * 8 replies
 * 2 participants
 * Last reply from: [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * Last activity: [3 years, 4 months ago](https://wordpress.org/support/topic/httpx-forwarded-proto/#post-16430567)
 * Status: resolved