diff --git a/ansible/haproxy/haproxy.cfg.j2 b/ansible/haproxy/haproxy.cfg.j2
index ee6a1c6..d1ab685 100644
--- a/ansible/haproxy/haproxy.cfg.j2
+++ b/ansible/haproxy/haproxy.cfg.j2
@@ -59,7 +59,9 @@ frontend https_frontend
     mode http
     option httplog
     option forwardfor
-    
+    # Tell backends the original connection was HTTPS (TLS terminates here)
+    http-request set-header X-Forwarded-Proto https
+
     # Security headers
     http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains"
     http-response set-header X-Frame-Options "SAMEORIGIN"