HTTP headers let the client and server pass additional information with an HTTP request or response. X-Forwarded-For is a request header, and it is an alternative, de-facto standard version of the Forwarded header. It is used when a client connects to a web server through an HTTP proxy or load balancer, so that the server can identify the client's original IP address. Because the header reveals this sensitive information, it puts the user's privacy at risk. The HTTP Forwarded header is the modified version of X-Forwarded-For.
X-Forwarded-For: <client>, <proxy>
Note: Multiple proxies are also possible.
Directives: The HTTP X-Forwarded-For accepts two directives as mentioned above and described below:
- <client>: It is the IP address of the client.
- <proxy>: The proxies that the request has to go through. If there are multiple proxies, the IP address of each successive proxy is listed.
- This is an example when the request has to go through multiple proxies.
X-Forwarded-For: 220.127.116.11, 18.104.22.168, 120.192.338.678
- This is an example when the request has to go through one proxy.
To see X-Forwarded-For in action, go to Inspect Element -> Network and check the request headers for X-Forwarded-For.
Supported Browsers: Compatibility of the HTTP header X-Forwarded-For for browsers is still unknown.
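The header is ordinary request data, so a server that uses it to identify the client should only believe entries appended by proxies it operates. The following is an added example, not code from the original page: it parses the `<client>, <proxy>` list and walks it right to left, skipping trusted proxies and tolerating malformed entries such as the last one in the page's own multi-proxy example. Assumptions: the `TRUSTED_PROXIES` network, the function names, and the constructed sample addresses (documentation ranges) are illustrative.

```python
import ipaddress

# Assumption: the networks your own reverse proxies / load balancers live in.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# The multi-proxy example value from this page; its last entry is not a valid IP.
PAGE_EXAMPLE = "220.127.116.11, 18.104.22.168, 120.192.338.678"


def parse_xff(value):
    """Split a header value into (token, address-or-None) pairs, left to right."""
    hops = []
    for token in (t.strip() for t in value.split(",")):
        if not token:
            continue
        try:
            hops.append((token, ipaddress.ip_address(token)))
        except ValueError:
            hops.append((token, None))  # malformed entry: keep it visible
    return hops


def is_trusted(ip, trusted=TRUSTED_PROXIES):
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_values, trusted=TRUSTED_PROXIES):
    """Pick the address to attribute a request to.

    peer_addr  -- source address of the TCP connection (cannot be set via a header)
    xff_values -- every X-Forwarded-For header line, in the order received
    """
    last_verified = ipaddress.ip_address(peer_addr)
    if not is_trusted(last_verified, trusted):
        return last_verified  # sender is not one of our proxies: ignore the header
    # Entries to the right were appended by hops closer to us, so walk right to left.
    for _token, ip in reversed(parse_xff(",".join(xff_values))):
        if ip is None:
            break  # unparseable entry: stop and keep the last verified address
        if not is_trusted(ip, trusted):
            return ip  # first address not belonging to our own proxies
        last_verified = ip
    return last_verified


if __name__ == "__main__":
    # Constructed samples: the leftmost value is only what the sender claimed.
    print(client_ip("10.0.0.5", ["198.51.100.7, 203.0.113.20, 10.0.0.9"]))
    print(client_ip("10.0.0.5", [PAGE_EXAMPLE]))
```

Log the raw header next to the chosen address so that malformed or unexpected entries remain available for later review.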