For example, the Page Overlay report does not work over SSL on the demo because the _SERVER[is not set but _SERVER'HTTP_X_FORWARDED_PROTO' is
Probably doesn't matter here, but the reason I didn't include X-Forwarded-Proto is because it's non-standard and can be spoofed. Other variations are X-Forwarded-Ssl and X-Forwarded-Scheme. Hence "assume_secure_protocol".