diff --git a/src/shrpx_http2_downstream_connection.cc b/src/shrpx_http2_downstream_connection.cc
index 6cc42e14..bd7bc438 100644
--- a/src/shrpx_http2_downstream_connection.cc
+++ b/src/shrpx_http2_downstream_connection.cc
@@ -246,15 +246,16 @@ int Http2DownstreamConnection::push_request_headers()
   downstream_->concat_norm_request_headers();
   auto end_headers = std::end(downstream_->get_request_headers());
 
-  // 6 means:
+  // 7 means:
   // 1. :method
   // 2. :scheme
   // 3. :path
   // 4. :authority (optional)
   // 5. via (optional)
   // 6. x-forwarded-for (optional)
+  // 7. x-forwarded-proto (optional)
   auto nva = std::vector<nghttp2_nv>();
-  nva.reserve(nheader + 6);
+  nva.reserve(nheader + 7);
   std::string via_value;
   std::string xff_value;
   std::string scheme, authority, path, query;
@@ -308,9 +309,11 @@ int Http2DownstreamConnection::push_request_headers()
       }
     }
     if(scheme.empty()) {
-      // The default scheme is http. For HTTP2 upstream, the path must
-      // be absolute URI, so scheme should be provided.
-      nva.push_back(http2::make_nv_ll(":scheme", "http"));
+      if(client_handler_->get_ssl()) {
+        nva.push_back(http2::make_nv_ll(":scheme", "https"));
+      } else {
+        nva.push_back(http2::make_nv_ll(":scheme", "http"));
+      }
     } else {
       nva.push_back(http2::make_nv_ls(":scheme", scheme));
     }
@@ -370,6 +373,19 @@ int Http2DownstreamConnection::push_request_headers()
     nva.push_back(http2::make_nv_ls("x-forwarded-for", (*xff).second));
   }
 
+  if(downstream_->get_request_method() != "CONNECT") {
+    // We use same protocol with :scheme header field
+    if(scheme.empty()) {
+      if(client_handler_->get_ssl()) {
+        nva.push_back(http2::make_nv_ll("x-forwarded-proto", "https"));
+      } else {
+        nva.push_back(http2::make_nv_ll("x-forwarded-proto", "http"));
+      }
+    } else {
+      nva.push_back(http2::make_nv_ls("x-forwarded-proto", scheme.c_str()));
+    }
+  }
+
   auto via = downstream_->get_norm_request_header("via");
   if(get_config()->no_via) {
     if(via != end_headers) {
diff --git a/src/shrpx_http_downstream_connection.cc b/src/shrpx_http_downstream_connection.cc
index 239126b0..f1939bb5 100644
--- a/src/shrpx_http_downstream_connection.cc
+++ b/src/shrpx_http_downstream_connection.cc
@@ -175,7 +175,7 @@ int HttpDownstreamConnection::push_request_headers()
       http2::sanitize_header_value(hdrs, hdrs.size() - (*xff).second.size());
       hdrs += ", ";
     }
-    hdrs += downstream_->get_upstream()->get_client_handler()->get_ipaddr();
+    hdrs += client_handler_->get_ipaddr();
     hdrs += "\r\n";
   } else if(xff != end_headers) {
     hdrs += "X-Forwarded-For: ";
@@ -188,7 +188,7 @@ int HttpDownstreamConnection::push_request_headers()
     if(!downstream_->get_request_http2_scheme().empty()) {
       hdrs += downstream_->get_request_http2_scheme();
       hdrs += "\r\n";
-    } else if(util::istartsWith(downstream_->get_request_path(), "https:")) {
+    } else if(client_handler_->get_ssl()) {
       hdrs += "https\r\n";
     } else {
       hdrs += "http\r\n";