diff --git a/CHANGELOG.md b/CHANGELOG.md
index f714141..7ee114b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 * Dropped Python 3.2 support
+* Added TRUST_X_FORWARDED_PROTO variable
 
 ## 1.3
 
diff --git a/django12factor/__init__.py b/django12factor/__init__.py
index 5cf9dda..81ac1c8 100644
--- a/django12factor/__init__.py
+++ b/django12factor/__init__.py
@@ -127,6 +127,11 @@ def factorise(custom_settings=None):
 
     settings['ALLOWED_HOSTS'] = os.getenv('ALLOWED_HOSTS', '').split(',')
 
+    if getenv_bool('TRUST_X_FORWARDED_PROTO'):
+    	settings['SECURE_PROXY_SSL_HEADER'] = ('HTTP_X_FORWARDED_PROTO', 'https')
+    else:
+    	settings['SECURE_PROXY_SSL_HEADER'] = None
+
     # For keys to different apis, etc.
     if custom_settings is None:
         custom_settings = []
diff --git a/tests/test_d12f.py b/tests/test_d12f.py
index 9288232..6fed72e 100644
--- a/tests/test_d12f.py
+++ b/tests/test_d12f.py
@@ -149,3 +149,12 @@ def test_non_capitalised_database_ignored(self):
                 "Loaded %d databases instead of just 1 (default) - got %s "
                 "from environment %s" % (len(dbs), dbs.keys(), e)
             )
+
+    def test_use_x_forwarded_proto(self):
+        with debugenv(TRUST_X_FORWARDED_PROTO="on"):
+            settings = d12f()
+            self.assertEquals(('HTTP_X_FORWARDED_PROTO', 'https'), settings['SECURE_PROXY_SSL_HEADER'])
+
+        with debugenv(TRUST_X_FORWARDED_PROTO="off"):
+            settings = d12f()
+            self.assertEquals(None, settings['SECURE_PROXY_SSL_HEADER'])