Wow, you're help is awesome. It does definitely make sense.
It seems IIS sets "HTTPS" to "off", but usually a webserver should keep it empty. The PHP doc says:
Code: Select all
'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.
Best regards,
Garvin