diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md index 1e4fa50b345..ae722e858c6 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md @@ -156,9 +156,9 @@ You may terminate the SSL/TLS on a L7 load balancer external to the Rancher clus Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -#### Enabling Forward Host Headers for NGINX v0.25.0 +#### Configuring Ingress for External TLS when Using NGINX v0.25 -If you are using an NGINX v0.25.0 ingress controller, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +Rancher v2.3.0 shipped with NGINX v0.25.1. In this version, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX 0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: ```yaml ingress: @@ -166,9 +166,6 @@ ingress: options: use-forwarded-headers: "true" ``` -Version 0.22 of `ingress-nginx` had a [breaking change](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) in which the IP addreses for forwarded headers are not trusted by default. Rancher v2.2.x used `ingress-nginx` 0.21, while Rancher v2.3.x uses `ingress-nginx` 0.25. - -This change allows `ingress-nginx` to trust any client to extract true IP addresses from forwarded headers. #### Required Headers
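Review bot: In the first hunk (@@ -156,9 +156,9 @@), the added paragraph says the behavior changed "in this version", meaning v0.25.1, but the changelog link it cites points at the `#0220` anchor, and the text removed in the next hunk dates the change to 0.22. Suggest rewording to something like "since `ingress-nginx` 0.22, which Rancher v2.3.0 picks up by shipping 0.25.1" so readers do not conclude the change is specific to 0.25. The version is also written three ways in this hunk ("NGINX v0.25" in the heading, "NGINX v0.25.1" and "NGINX 0.25" in the body); pick one form, and name the component `ingress-nginx` as the removed text did, so it is not read as the NGINX server version.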
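Review bot: The second hunk (@@ -166,9 +166,6 @@) deletes the only two sentences that state the security consequence of `use-forwarded-headers: "true"`: that forwarded headers are not trusted by default, and that enabling the option "allows `ingress-nginx` to trust any client" for them. Please keep a one-line caveat after the YAML block, for example that the option should be enabled only when TLS is terminated on an external L7 load balancer that inserts the proxy headers, because with it enabled the ingress accepts forwarded headers from whatever client connects to it. The Rancher v2.2.x / 0.21 versus v2.3.x / 0.25 comparison that is being dropped is also useful for people upgrading and could stay as a short note.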