The HTTP headers are used to communicate between client and server. HTTP headers let the client and server pass additional information with an HTTP request or response. The X-Forwarded-For Header is a request type header and is an alternative and de-facto standard version of the Forwarded header which is used when a client connects to a web server through an HTTP proxy or load balancer for identifying the original IP address. The privacy of the user is put at risk as the sensitive information is revealed by using this header. The HTTP X-Forwarded-For header is used to identify the client’s original IP address. The modified version of the HTTP X-Forwarded-For is HTTP Forwarded header.
X-Forwarded-For: <client>, <proxy>
Note: Multiple proxies are also possible.
Directives: The HTTP X-Forwarded-For accepts two directives as mentioned above and described below:
- <client>: It is the IP address of the client.
- <proxy>: It is the proxies that request has to go through. If there are multiple proxies then the IP addresses of each successive proxy is listed.
- This is an example when the request has to go through multiple proxies.
X-Forwarded-For: 220.127.116.11, 18.104.22.168, 120.192.338.678
- This is an example when the request has to go through one proxy.
To check the X-Forwarded-For in action go to Inspect Element -> Network check the request header for X-Forwarded-For like below.
Supported Browsers: Compatibility of the HTTP header X-Forwarded-For for browsers is still unknown.
- HTTP headers | Access-Control-Expose-Headers
- HTTP headers | Access-Control-Allow-Headers.
- HTTP headers | Access-Control-Request-Headers
- HTTP headers | Location
- HTTP headers | User-Agent
- HTTP headers | Link
- HTTP headers | Save-Data
- HTTP headers | Content-Type
- HTTP headers | X-Forwarded-Proto
- HTTP headers | X-XSS-Protection
- HTTP headers | X-Frame-Options
- HTTP headers | Last-Modified
- HTTP headers | Date
- HTTP headers | Cookie
- HTTP headers | Strict-Transport-Security
- HTTP headers | Expect
- HTTP headers | Accept-Encoding
- HTTP headers | Proxy-Authenticate
- HTTP headers | Content-Range
- HTTP headers | Content-Encoding
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.