Forwarded header contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.
This header is used for debugging, statistics, and generating location-dependent content and by design it exposes privacy sensitive information, such as the IP address of the client. Therefore the user's privacy must be kept in mind when deploying this header.
Forwarded: by=<identifier>; for=<identifier>; host=<host>; proto=<http|https>
Hostrequest header field as received by the proxy.
Indicates which protocol was used to make the request (typically "http" or "https").
Forwarded: for="_mdn" # case insensitive Forwarded: For="[2001:db8:cafe::17]:4711" # separated by semicolon Forwarded: for=192.0.2.60; proto=http; by=203.0.113.43 # multiple values can be appended using a comma Forwarded: for=192.0.2.43, for=198.51.100.17
If your application, server, or proxy supports the standardized
Forwarded header, the
X-Forwarded-For header can be replaced. Note that IPv6 address are quoted and enclosed in square brackets in
X-Forwarded-For: 123.34.567.89 Forwarded: for=123.34.567.89 X-Forwarded-For: 192.0.2.43, 2001:db8:cafe::17 Forwarded: for=192.0.2.43, for="[2001:db8:cafe::17]"
|RFC 7239, section 4: Forwarded||Forwarded HTTP Extension|
Via– provides information about the proxy itself, not about the client connecting to it.
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.