diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 5bf0fc0c..8f3f0481 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -184,6 +184,12 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_nginx_proxy_self_check_validate_certificates: true
 
+# Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource.
+#
+# As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be,
+# so we default to not following redirects as well.
+matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
+
 # By default, this playbook automatically retrieves and auto-renews
 # free SSL certificates from Let's Encrypt.
 #
diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
index 1e274ee3..6aaf9cb3 100644
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
@@ -6,7 +6,7 @@
 - path: /.well-known/matrix/client
 purpose: Client Discovery
 cors: true
- follow_redirects: none
+ follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}"
 validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
 
 - block:
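Review bot: The comment above `matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects` does not list the accepted values or say what relaxing the default costs, and the default itself is an unquoted `none`. I would quote it as `matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: "none"` so that no loader or later templating step can read it as anything but a string. Assuming the value ends up in a `uri` task, which the hunks do not show, a line such as `# Accepted values are those of the uri module's follow_redirects option (e.g. none, safe, all).` would tell operators what they may set. A further comment line should state that any value other than `none` lets the self-check pass on a setup that spec-following clients would reject.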
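Review bot: The templated `follow_redirects` value in self_check_well_known.yml is used without any validation, and it sits next to `validate_certs`, so both transport checks for the Client Discovery entry are now operator-tunable. With redirects followed and certificate validation switched off, a passing self-check no longer shows that the Matrix domain itself serves `/.well-known/matrix/client` over valid TLS. I would add a comment above the line, `# Per the spec, redirects are not followed for this resource; keep this at "none" unless you know why.`, and consider a `debug` task guarded by `when: matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects != 'none'` so a relaxed check is visible in the run output. The list this entry belongs to starts and ends outside the hunk, so other entries may still hard-code their own value.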