diff --git includes/bootstrap.inc includes/bootstrap.inc
index d965319..6232e77 100644
--- includes/bootstrap.inc
+++ includes/bootstrap.inc
@@ -513,8 +513,21 @@ function drupal_settings_initialize() {
     $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
   }
   else {
-    // Create base URL
-    $http_protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+    // Create base URL, defaulting to http.
+    $http_protocol = 'http';
+    // Check if we are using HTTPS.
+    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+      // We're running HTTPS natively in the web server.
+      $http_protocol = 'https';
+    }
+    elseif (variable_get('reverse_proxy', 0)) {
+      // Only trust headers if 'reverse_proxy' is enabled.
+      if ((isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https') || (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] == 'on')) {
+        // We appear to be behind a proxy running HTTPS.
+        $http_protocol = 'https';
+      }
+    }
+
     $base_root = $http_protocol . '://' . $_SERVER['HTTP_HOST'];
 
     $base_url = $base_root;