diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c48091b..932caa3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@
 
 # v4.0.0
 
+- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored
+
 ## Release Highlights
 - Documentation is now on a [microsite](https://pusher.github.io/oauth2_proxy/)
 - Health check logging can now be disabled for quieter logs
diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md
index 6fca5629..db47e691 100644
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@@ -249,6 +249,8 @@ server {
     proxy_set_header X-Real-IP               $remote_addr;
     proxy_set_header X-Scheme                $scheme;
     proxy_set_header X-Auth-Request-Redirect $request_uri;
+    # or, if you are handling multiple domains:
+    # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
   }
   location = /oauth2/auth {
     proxy_pass       http://127.0.0.1:4180;
diff --git a/oauthproxy.go b/oauthproxy.go
index 2418e736..5af2e9cb 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -480,7 +480,10 @@ func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
 		return
 	}
 
-	redirect = req.Form.Get("rd")
+	redirect = req.Header.Get("X-Auth-Request-Redirect")
+	if req.Form.Get("rd") != "" {
+		redirect = req.Form.Get("rd")
+	}
 	if !p.IsValidRedirect(redirect) {
 		redirect = req.URL.Path
 		if strings.HasPrefix(redirect, p.ProxyPrefix) {