HTTP Headers
X-Forwarded-For Header
The X-Forwarded-For (XFF) header is an HTTP header used to identify the original IP address of a client connecting to a web server through a proxy, load balancer, or CDN.
Why it's needed
When a request passes through a proxy or load balancer, the origin server sees the IP of that intermediary instead of the real client. The X-Forwarded-For header helps retain the original client's IP.
Format
X-Forwarded-For: client_ip, proxy1_ip, proxy2_ip
client_ip: the original client's IP address
proxy1_ip, proxy2_ip: subsequent proxy or load balancer IPs (optional)
Example
X-Forwarded-For: 203.0.113.1, 198.51.100.101
203.0.113.1: original client
198.51.100.101: the proxy/load balancer
Security Note
Warning
This header can be spoofed by clients, so don't blindly trust it. Use trusted proxies and configure web servers to accept XFF only from them.
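One way to apply that rule in application code, as an added example that is not part of the original page: the header is honoured only when the TCP peer is a trusted proxy, and it is read from right to left until the first address outside the trusted set. The TRUSTED_PROXIES network, the function names and the spoofed sample header are assumptions constructed for illustration, and the proxies are assumed to append to the header rather than replace it.

```python
import ipaddress

# Constructed for this example: the network our own proxies/load balancers use.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def naive_client_ip(xff_header):
    """Anti-pattern: the leftmost entry is whatever the client chose to send."""
    return xff_header.split(",")[0].strip()

def client_ip(peer_ip, xff_header):
    """Resolve the client IP from the TCP peer address and the XFF header."""
    peer = ipaddress.ip_address(peer_ip)
    # XFF only means something if the request arrived via one of our proxies.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    candidate = peer
    # Walk right to left: the rightmost entries were appended by our proxies;
    # anything further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if not is_trusted(addr):
            break  # first hop outside our infrastructure is the client
    return str(candidate)

if __name__ == "__main__":
    # The page's example, received from a second trusted proxy.
    print(client_ip("198.51.100.102", "203.0.113.1, 198.51.100.101"))
    # Constructed spoofing case: the client sent "X-Forwarded-For: 10.0.0.1"
    # and the trusted proxy appended the real source address.
    spoofed = "10.0.0.1, 203.0.113.1"
    print(naive_client_ip(spoofed), "vs", client_ip("198.51.100.101", spoofed))
```

Entries that carry a port or bracketed IPv6 notation are treated as malformed here, so the walk stops at the last address it could parse.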