diff --git a/test/e2e/annotations/proxyssl.go b/test/e2e/annotations/proxyssl.go
index 5b3ebb566..b23462905 100644
--- a/test/e2e/annotations/proxyssl.go
+++ b/test/e2e/annotations/proxyssl.go
@@ -18,6 +18,7 @@ package annotations
 
 import (
 	"fmt"
+	"net/http"
 	"strings"
 
 	"github.com/onsi/ginkgo"
@@ -35,66 +36,114 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 
 	ginkgo.It("should set valid proxy-ssl-secret", func() {
 		host := "proxyssl.foo.com"
-		annotations := map[string]string{
-			"nginx.ingress.kubernetes.io/proxy-ssl-secret": f.Namespace + "/" + host,
-		}
+		annotations := make(map[string]string)
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
 
-		_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
+		tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
 		assert.Nil(ginkgo.GinkgoT(), err)
 
 		ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
 
 		assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusPermanentRedirect)
+
+		f.HTTPTestClientWithTLSConfig(tlsConfig).
+			GET("/").
+			WithURL(f.GetURL(framework.HTTPS)).
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusOK)
 	})
 
 	ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-verify to on, and proxy-ssl-verify-depth to 2", func() {
 		host := "proxyssl.foo.com"
-		annotations := map[string]string{
-			"nginx.ingress.kubernetes.io/proxy-ssl-secret":       f.Namespace + "/" + host,
-			"nginx.ingress.kubernetes.io/proxy-ssl-verify":       "on",
-			"nginx.ingress.kubernetes.io/proxy-ssl-verify-depth": "2",
-		}
+		annotations := make(map[string]string)
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify"] = "on"
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify-depth"] = "2"
 
-		_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
+		tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
 		assert.Nil(ginkgo.GinkgoT(), err)
 
 		ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
 
 		assertProxySSL(f, host, "DEFAULT", "TLSv1 TLSv1.1 TLSv1.2", "on", 2)
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusPermanentRedirect)
+
+		f.HTTPTestClientWithTLSConfig(tlsConfig).
+			GET("/").
+			WithURL(f.GetURL(framework.HTTPS)).
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusOK)
 	})
 
 	ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES", func() {
 		host := "proxyssl.foo.com"
-		annotations := map[string]string{
-			"nginx.ingress.kubernetes.io/proxy-ssl-secret":  f.Namespace + "/" + host,
-			"nginx.ingress.kubernetes.io/proxy-ssl-ciphers": "HIGH:!AES",
-		}
+		annotations := make(map[string]string)
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-ciphers"] = "HIGH:!AES"
 
-		_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
+		tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
 		assert.Nil(ginkgo.GinkgoT(), err)
 
 		ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
 
 		assertProxySSL(f, host, "HIGH:!AES", "TLSv1 TLSv1.1 TLSv1.2", "off", 1)
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusPermanentRedirect)
+
+		f.HTTPTestClientWithTLSConfig(tlsConfig).
+			GET("/").
+			WithURL(f.GetURL(framework.HTTPS)).
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusOK)
 	})
 
 	ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-protocols", func() {
 		host := "proxyssl.foo.com"
-		annotations := map[string]string{
-			"nginx.ingress.kubernetes.io/proxy-ssl-secret":    f.Namespace + "/" + host,
-			"nginx.ingress.kubernetes.io/proxy-ssl-protocols": "TLSv1.2 TLSv1.3",
-		}
+		annotations := make(map[string]string)
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
+		annotations["nginx.ingress.kubernetes.io/proxy-ssl-protocols"] = "TLSv1.2 TLSv1.3"
 
-		_, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
+		tlsConfig, err := framework.CreateIngressMASecret(f.KubeClientSet, host, host, f.Namespace)
 		assert.Nil(ginkgo.GinkgoT(), err)
 
 		ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
 
 		assertProxySSL(f, host, "DEFAULT", "TLSv1.2 TLSv1.3", "off", 1)
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusPermanentRedirect)
+
+		f.HTTPTestClientWithTLSConfig(tlsConfig).
+			GET("/").
+			WithURL(f.GetURL(framework.HTTPS)).
+			WithHeader("Host", host).
+			Expect().
+			Status(http.StatusOK)
 	})
 })