diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index fbf0ec5912..ffd42929fb 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -57,7 +57,7 @@ listen mongodb
 {% if enable_keystone | bool %}
 listen keystone_internal
   bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['keystone'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -65,7 +65,7 @@ listen keystone_internal
 
 listen keystone_external
   bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['keystone'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
@@ -74,7 +74,7 @@ listen keystone_external
 
 listen keystone_admin
   bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['keystone'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -105,14 +105,14 @@ listen glance_api_external
 {% if enable_nova | bool %}
 listen nova_api
   bind {{ kolla_internal_vip_address }}:{{ nova_api_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['nova-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen nova_metadata
   bind {{ kolla_internal_vip_address }}:{{ nova_metadata_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['nova-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -127,7 +127,7 @@ listen placement_api
 {% if nova_console == 'novnc' %}
 listen nova_novncproxy
   bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['nova-novncproxy'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5
@@ -151,7 +151,7 @@ listen nova_serialconsole_proxy
 
 listen nova_api_external
   bind {{ kolla_external_vip_address }}:{{ nova_api_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['nova-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
@@ -159,7 +159,7 @@ listen nova_api_external
 
 listen nova_metadata_external
   bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['nova-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
@@ -176,7 +176,7 @@ listen placement_api_external
 {% if nova_console == 'novnc' %}
 listen nova_novncproxy_external
   bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['nova-novncproxy'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5
@@ -184,7 +184,7 @@ listen nova_novncproxy_external
 {% elif nova_console == 'spice' %}
 listen nova_spicehtml5proxy_external
   bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['nova-spicehtml5proxy'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
@@ -223,7 +223,7 @@ listen neutron_server_external
 listen horizon
   bind {{ kolla_internal_vip_address }}:{{ horizon_port }}
   balance source
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['horizon'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -233,7 +233,7 @@ listen horizon
 listen horizon_external
   bind {{ kolla_external_vip_address }}:443 {{ tls_bind_info }}
   balance source
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['horizon'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5
@@ -255,7 +255,7 @@ listen horizon_external
 {% if enable_cinder | bool %}
 listen cinder_api
   bind {{ kolla_internal_vip_address }}:{{ cinder_api_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['cinder-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -263,7 +263,7 @@ listen cinder_api
 
 listen cinder_api_external
   bind {{ kolla_external_vip_address }}:{{ cinder_api_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['cinder-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
@@ -274,7 +274,7 @@ listen cinder_api_external
 {% if enable_cloudkitty | bool %}
 listen cloudkitty_api
   bind {{ kolla_internal_vip_address }}:{{ cloudkitty_api_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['cloudkitty-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cloudkitty_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -282,7 +282,7 @@ listen cloudkitty_api
 
 listen cloudkitty_api_external
   bind {{ kolla_external_vip_address }}:{{ cloudkitty_api_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['cloudkitty-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cloudkitty_api_port }} check inter 2000 rise 2 fall 5
@@ -331,14 +331,14 @@ listen panko_api_external
 {% if enable_heat | bool %}
 listen heat_api
   bind {{ kolla_internal_vip_address }}:{{ heat_api_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['heat-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen heat_api_cfn
   bind {{ kolla_internal_vip_address }}:{{ heat_api_cfn_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['heat-api-cfn'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -346,7 +346,7 @@ listen heat_api_cfn
 
 listen heat_api_external
   bind {{ kolla_external_vip_address }}:{{ heat_api_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['heat-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
@@ -354,7 +354,7 @@ listen heat_api_external
 
 listen heat_api_cfn_external
   bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['heat-api-cfn'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
@@ -365,7 +365,7 @@ listen heat_api_cfn_external
 {% if enable_grafana | bool %}
 listen grafana_server
   bind {{ kolla_internal_vip_address }}:{{ grafana_server_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['grafana'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ grafana_server_port }} check inter 2000 rise 2 fall 5
@@ -374,7 +374,7 @@ listen grafana_server
 
 listen grafana_server_external
   bind {{ kolla_external_vip_address }}:{{ grafana_server_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['grafana'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ grafana_server_port }} check inter 2000 rise 2 fall 5
@@ -632,7 +632,7 @@ listen kibana
 
 listen kibana_external
   bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
   acl auth_acl http_auth(kibanauser)
   http-request auth realm basicauth unless auth_acl
@@ -734,7 +734,7 @@ listen trove_api_external
 {% if enable_congress | bool %}
 listen congress_api
   bind {{ kolla_internal_vip_address }}:{{ congress_api_port }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
 {% for host in groups['congress-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ congress_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
@@ -742,7 +742,7 @@ listen congress_api
 
 listen congress_api_external
   bind {{ kolla_external_vip_address }}:{{ congress_api_port }} {{ tls_bind_info }}
-  http-request del-header X-Forwarded-Proto
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
 {% for host in groups['congress-api'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ congress_api_port }} check inter 2000 rise 2 fall 5