X-Forwarded-For HTTP Header: Syntax, Directive, Examples

The X-Forwarded-For HTTP Header is a de-facto standard header for identifying a client’s originating IP address when connecting to a web server via an HTTP proxy or a load balancer. The X-Forwarded-For HTTP Header allows the client and server to provide additional data with an HTTP request or response. When traffic between clients and servers is blocked, server access logs only show the IP address of the proxy or load balancer that blocked the traffic. There are several X-Forwarded-For HTTP Header values, including <client>, <proxy1>, and <proxy2>. The X-Forwarded-For HTTP Header value client is the client’s IP address, and the multiple proxy values are the IP addresses of each successive proxy listed. The X-Forwarded-For HTTP Header is used to see the original IP address of the client. The X-Forwarded-For HTTP Header is used for things like debugging, statistics, and making location-based content. By design, it shows private information, like the IP address of the client. When this header is used, the user’s privacy must be kept in mind. The following is an example of an X-Forwarded-For HTTP Header for the request for multiple proxies and a single proxy.

Multiple Proxies

X-Forwarded-For: 103.0.513.125, 80.91.3.17, 120.192.335.629

Single Proxy

X-Forwarded-For: fe80::729b:cd:b91:5r9d%6

X-Forwarded-For request header can be seen above. In this article, the X-Forwarded-For HTTP Header Syntax, Directives, and Uses with examples will be processed.

What is X-Forwarded-For HTTP Header HTTP Header?

The X-Forwarded-For HTTP Header is used for identifying a client’s originating IP address when connecting to a web server via an HTTP proxy or a load balancer. This X-Forwarded-For HTTP Header is intended to expose privacy-sensitive information, such as the client’s IP address, and is used for debugging, statistics, and generating location-dependent content. As a result, when installing this header, the user’s privacy must be considered.

What is the Syntax of X-Forwarded-For HTTP Header?

The syntax for using X-Forwarded-For HTTP Header should be followed.

X-Forwarded-For: <client>, <proxy1>, <proxy2>

What are the Directive of X-Forwarded-For HTTP Header?

The X-Forwarded-For HTTP Header directives are to be defined based on the X-Forwarded-For HTTP Header values. There are two kinds of x-forwarded-for directives.

  • Client: The client is the client IP address
  • Proxy1, Proxy2: If a request passes through many proxies, the IP addresses of the subsequent proxies are listed. This indicates that the IP address on the right is that of the most recent proxy, while the IP address on the left is that of the original client.

Below is an example usage of the directives X-Forwarded-For HTTP Header.

X-Forwarded-For: 2001:db8:87a3:8d3:1918:8v2e:370:7548
X-Forwarded-For: 203.0.963.295
X-Forwarded-For: 204.0.153.155, 70.42.3.18, 290.172.338.188

Other non-standard forms

# Used for some Google services
X-ProxyUser-Ip: 296.0.143.17 

How to use X-Forwarded-For HTTP Header?

When developing with X-Forwarder-For HTTP Header, the developer must be familiar with the de-facto standard header used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. For the purpose of determining the client’s IP address, the X-Forwarded-For HTTP Header request header is employed. This header is used for debugging, statistics, and creating material that is specific to a certain location. By design, it makes private and sensitive information, such as the IP address of the client, available for public consumption. Therefore, when installing this header, it is important to keep the user’s confidentiality in mind.

Examples of X-Forwarded-For HTTP Header Use

An example of the X-Forwarded-For use can be found below.

X-Forwarded-For: 2001:du8:95j3:53:1319:8a2i:390:8347
X-Forwarded-For: 206.0.153.175
X-Forwarded-For: 203.0.153.175, 70.871.3.18, 150.172.208.148

What is the Specification Document for X-Forwarded-For HTTP Header?

There is only one specification document for the X-Forwarded-For HTTP Header which is the RFC 7239. The RFC 7239 mentioned the X-Forwarded-For HTTP Header as a common way to disclose information by using the non-standard header fields for the Forwarded HTTP Extension. Additionally, this article discusses the X-Forwarded-For HTTP Header’s definition and usage.

What are the types of X-Forwarded-For HTTP Header?

The X-Forwarded-For HTTP Header HTTP Type is listed below.

  1. Response Headers: The X-Forwarded-For HTTP Header is a Response Header because it provides information on how to use the X-Forwarded-For HTTP Header for debugging, statistics, and generating location-dependent content. 
  2. Representation Headers: The X-Forwarded-For HTTP Header is a Representation Header because it contains information about additional data in the HTTP request and response.
  3. Payload Headers: The X-Forwarded-For HTTP Header is a Payload Header because it contains private information, like the IP address of the client. 

What are the similar HTTP Headers to the X-Forwarded-For HTTP Header?

The similar HTTP Headers to the X-Forwarded-For HTTP Header are listed below.

  • Forwarded HTTP Header: Forwarded HTTP is similar to X-Forwarded-For HTTP Header because they both identify the originating IP address. It is also used for debugging, statistics, and generating location-dependent content.
  • X-Forwarded-Host HTTP Header: X-Forwarded-Host and X-Forwarded-For HTTP Header are identical in that they both identify the originating IP address. It’s also used for debugging, statistics, and creating location-specific content.
  • X-Forwarded-Proto HTTP Header: X-Forwarded-Proto and X-Forwarded-For HTTP Header are similar in that they both contain a header that is used to connect to a proxy and a load balancer.
  • Via HTTP Header: Via HTTP is similar to X-Forwarded-For HTTP Header because they both identify the protocol or HTTP that is capable of reaching the sender along the request/response chain.

Which Browsers Support X-Forwarded-For HTTP Header? 

The compatibility of browsers for the X-Forwarded-For HTTP Header is unknown.

Holistic SEO
Follow SEO

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.