diff --git a/internal/xds/translator/proxy_protocol.go b/internal/xds/translator/proxy_protocol.go
index 9c0dcb2bd16..a36673dc7fa 100644
--- a/internal/xds/translator/proxy_protocol.go
+++ b/internal/xds/translator/proxy_protocol.go
@@ -32,7 +32,8 @@ func patchProxyProtocolFilter(xdsListener *listenerv3.Listener, irListener *ir.H
 proxyProtocolFilter := buildProxyProtocolFilter()
 if proxyProtocolFilter != nil {
- xdsListener.ListenerFilters = append(xdsListener.ListenerFilters, proxyProtocolFilter)
+ // Add the Proxy Protocol filter as first to listeners.
+ xdsListener.ListenerFilters = append([]*listenerv3.ListenerFilter{proxyProtocolFilter}, xdsListener.ListenerFilters...)
 }
 }
diff --git a/internal/xds/translator/proxy_protocol_test.go b/internal/xds/translator/proxy_protocol_test.go
new file mode 100644
index 00000000000..b4b5ac51aff
--- /dev/null
+++ b/internal/xds/translator/proxy_protocol_test.go
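Review bot: The new comment on the prepend in `patchProxyProtocolFilter` says what is done but not why, and the ordering is the part a later maintainer must not undo. The PROXY protocol header is the first data on a connection, so its listener filter has to run before the TLS inspector or any other listener filter that reads connection bytes; I would write `// The PROXY protocol header precedes all other connection data (including the TLS ClientHello), so this filter must be the first listener filter.` The function's opening lines are outside this hunk, so how an already-present filter is handled is not visible here; if that path returns early, a proxy-protocol filter sitting at a non-zero index would keep its position, which is worth confirming.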
@@ -0,0 +1,58 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package translator
+
+import (
+ "testing"
+
+ listenerv3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+ "github.com/envoyproxy/go-control-plane/pkg/wellknown"
+ "github.com/stretchr/testify/require"
+
+ "github.com/envoyproxy/gateway/internal/ir"
+)
+
+func TestPatchProxyProtocolFilter(t *testing.T) {
+ type testCase struct {
+ name string
+ listener *listenerv3.Listener
+ }
+
+ irListener := &ir.HTTPListener{
+ EnableProxyProtocol: true,
+ }
+
+ testCases := []testCase{
+ {
+ name: "listener with proxy proto available already",
+ listener: &listenerv3.Listener{
+ ListenerFilters: []*listenerv3.ListenerFilter{
+ {
+ Name: wellknown.ProxyProtocol,
+ },
+ },
+ },
+ },
+ {
+ name: "listener with tls, append proxy proto",
+ listener: &listenerv3.Listener{
+ ListenerFilters: []*listenerv3.ListenerFilter{
+ {
+ Name: wellknown.TLSInspector,
+ },
+ },
+ },
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ patchProxyProtocolFilter(tc.listener, irListener)
+ // proxy proto filter should be added always as first
+ require.Equal(t, wellknown.ProxyProtocol, tc.listener.ListenerFilters[0].Name)
+ })
+ }
+}
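Review bot: The first case passes even without the change under test, because its listener already has the proxy-protocol filter at index 0 and the only assertion is on `ListenerFilters[0].Name`; a duplicate filter being added would go unnoticed. Adding a `wantLen int` field to `testCase` (1 and 2 for the two cases) and asserting `require.Len(t, tc.listener.ListenerFilters, tc.wantLen)` before the index access would pin the no-duplicate behaviour and guard `[0]` against an empty slice. The second case's name still says "append" although the filter is now expected first, and it does not check that the TLS inspector is kept at index 1. A further case with an existing proxy-protocol filter placed after the TLS inspector would document what the function does with a mis-ordered listener.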