diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
index ce6bd366d2..b6e1cfcef3 100644
--- a/lib/sinatra/base.rb
+++ b/lib/sinatra/base.rb
@@ -302,7 +302,10 @@ def block.each; yield(call) end
 # Halt processing and redirect to the URI provided.
 def redirect(uri, *args)
- if (env['HTTP_VERSION'] == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
+ # SERVER_PROTOCOL is required in Rack 3, fall back to HTTP_VERSION
+ # for servers not updated for Rack 3 (like Puma 5)
+ http_version = env['SERVER_PROTOCOL'] || env['HTTP_VERSION']
+ if (http_version == 'HTTP/1.1') && (env['REQUEST_METHOD'] != 'GET')
 status 303
 else
 status 302
diff --git a/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb b/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
index e39497b1a9..508b5814a6 100644
--- a/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
+++ b/rack-protection/spec/lib/rack/protection/session_hijacking_spec.rb
@@ -27,8 +27,8 @@
 it 'accepts requests with a changing Version header' do
 session = { foo: :bar }
- get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
- get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
+ get '/', {}, 'rack.session' => session, 'SERVER_PROTOCOL' => 'HTTP/1.0'
+ get '/', {}, 'rack.session' => session, 'SERVER_PROTOCOL' => 'HTTP/1.1'
 expect(session[:foo]).to eq(:bar)
 end
 end
diff --git a/test/helpers_test.rb b/test/helpers_test.rb
index 50ee677872..c8893d2bc9 100644
--- a/test/helpers_test.rb
+++ b/test/helpers_test.rb
@@ -236,7 +236,7 @@ def status_app(code, &block)
 it 'uses 303 for post requests if request is HTTP 1.1' do
 mock_app { post('/') { redirect '/'} }
- post('/', {}, 'HTTP_VERSION' => 'HTTP/1.1')
+ post('/', {}, 'SERVER_PROTOCOL' => 'HTTP/1.1')
 assert_equal 303, status
 assert_equal '', body
 assert_equal 'http://example.org/', response['Location']
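Review bot: The fallback `env['HTTP_VERSION']` in `redirect` is not a trustworthy source for the protocol version: under Rack's `HTTP_*` naming that key is also where a client-sent `Version` request header can land (the session-hijacking spec touched by this same commit calls it the "Version header"), so on servers that do not set `SERVER_PROTOCOL` the value may be chosen by the request. Here it only selects 303 versus 302, which is harmless, but the added comment should say so to keep `http_version` from being reused for anything stricter, e.g. `# NOTE: HTTP_VERSION may originate from a request header; use only for the 302/303 choice`. Separately, the strict `== 'HTTP/1.1'` comparison sends non-GET requests with any other protocol string (presumably including HTTP/2 where a server reports it) down the 302 branch; worth confirming that is intended. The body of `redirect` continues past the end of the hunk.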
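Review bot: Replacing both `HTTP_VERSION` requests in 'accepts requests with a changing Version header' drops coverage for the key that, per the comment this commit adds to `redirect`, servers not yet updated for Rack 3 still send. If the middleware is meant to keep the session across a protocol-version change under either key, keep the old pair as a second example next to the new one, e.g. `get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'` followed by the `'1.1'` variant. The enclosing `describe` block starts outside the hunk.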
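Review bot: With this change and the matching one in the next hunk (the HTTP 1.0 / 302 case), no test exercises the `env['HTTP_VERSION']` fallback that `redirect` gains in this commit. A case such as `post('/', {}, 'SERVER_PROTOCOL' => nil, 'HTTP_VERSION' => 'HTTP/1.1')` asserting 303 would pin it; the explicit `nil` is there because the mock request may pre-populate `SERVER_PROTOCOL`, which should be confirmed against the Rack version under test. Both `it` blocks close outside their hunks.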
@@ -244,7 +244,7 @@ def status_app(code, &block)
 it 'uses 302 for post requests if request is HTTP 1.0' do
 mock_app { post('/') { redirect '/'} }
- post('/', {}, 'HTTP_VERSION' => 'HTTP/1.0')
+ post('/', {}, 'SERVER_PROTOCOL' => 'HTTP/1.0')
 assert_equal 302, status
 assert_equal '', body
 assert_equal 'http://example.org/', response['Location']