From dc9b2b3ca8e46dbc358cbdda626441a4378531bd Mon Sep 17 00:00:00 2001
From: Sebastiaan Janssen
Date: Mon, 19 Sep 2016 09:44:03 +0200
Subject: [PATCH] Fix the ClickJackingCheck to make sure it adds an "s" to "http" when SSL is enforced or site is running on port 443

---
 .../HealthCheck/Checks/Security/ClickJackingCheck.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs
index 6417d8979a..bdfd504d73 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs
@@ -6,6 +6,7 @@ using System.Net;
 using System.Text.RegularExpressions;
 using System.Xml.Linq;
 using System.Xml.XPath;
+using Umbraco.Core.Configuration;
 using Umbraco.Core.IO;
 using Umbraco.Core.Services;
 
@@ -63,7 +64,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
 var url = HealthCheckContext.HttpContext.Request.Url;
 
 // Access the site home page and check for the click-jack protection header or meta tag
- var address = string.Format("http://{0}:{1}", url.Host.ToLower(), url.Port);
+ var useSsl = GlobalSettings.UseSSL || HealthCheckContext.HttpContext.Request.ServerVariables["SERVER_PORT"] == "443";
+ var address = string.Format("http{0}://{1}:{2}", useSsl ? "s" : "", url.Host.ToLower(), url.Port);
 var request = WebRequest.Create(address);
 request.Method = "GET";
 try
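Review bot: The scheme in the second hunk is inferred from the literal string `"443"` in `SERVER_PORT`, while the port placed in the URL still comes from `url.Port`, so the two can disagree. HTTPS on a non-standard port produces `http://` against a TLS listener, and `GlobalSettings.UseSSL` combined with a request that arrived on port 80 (for instance behind a TLS-terminating proxy, which is an assumption about the deployment) produces `https://host:80`. In either case the check fetches an endpoint other than the one browsers reach, so its click-jacking result may not describe the real site. Consider `var useSsl = GlobalSettings.UseSSL || HealthCheckContext.HttpContext.Request.IsSecureConnection;` and leaving the explicit port out of the address when it does not belong to the chosen scheme. The enclosing method and the body of the `try` lie outside the hunk, so how a failed request is reported cannot be judged from here.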