diff --git a/internal/outpost/proxyv2/application/mode_common.go b/internal/outpost/proxyv2/application/mode_common.go
index a699f7cb0..b0dac258d 100644
--- a/internal/outpost/proxyv2/application/mode_common.go
+++ b/internal/outpost/proxyv2/application/mode_common.go
@@ -85,7 +85,7 @@ func (a *Application) IsAllowlisted(r *http.Request) bool {
 	// Since that would be /akprox/auth/...
 	if a.Mode() == api.PROXYMODE_FORWARD_SINGLE || a.Mode() == api.PROXYMODE_FORWARD_DOMAIN {
 		// For traefik, we can get the Upstream URL from headers
-		// For nginx we can attempt to as well, but it's not guranteed to work.
+		// For nginx we can attempt to as well, but it's not guaranteed to work.
 		if strings.HasPrefix(r.URL.Path, "/akprox/auth") {
 			url = a.getTraefikForwardUrl(r)
 		}
diff --git a/internal/outpost/proxyv2/application/mode_forward.go b/internal/outpost/proxyv2/application/mode_forward.go
index 69f5ee9b3..08b831d7d 100644
--- a/internal/outpost/proxyv2/application/mode_forward.go
+++ b/internal/outpost/proxyv2/application/mode_forward.go
@@ -48,12 +48,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 	// to the application
 	// see https://doc.traefik.io/traefik/middlewares/forwardauth/
 	// X-Forwarded-Uri is only the path, so we need to build the entire URL
-	s.Values[constants.SessionRedirect] = fmt.Sprintf(
-		"%s://%s%s",
-		r.Header.Get("X-Forwarded-Proto"),
-		r.Header.Get("X-Forwarded-Host"),
-		r.Header.Get("X-Forwarded-Uri"),
-	)
+	s.Values[constants.SessionRedirect] = a.getTraefikForwardUrl(r).String()
 	if r.Header.Get("X-Forwarded-Uri") == "/akprox/start" {
 		a.log.Info("Detected potential redirect loop")
 		if val, ok := s.Values[constants.SessionLoopDetection]; !ok {