The X-Forwarded-For (XFF) request header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through a proxy server.
Warning: Improper use of this header can be a security risk. For details, see the Security and privacy concerns section.
When a client connects directly to a server, the client's IP address is sent to the server (and is often written to server access logs). But if a client connection passes through any forward or reverse proxies, the server only sees the final proxy's IP address, which is often of little use. That's especially true if the final proxy is a load balancer that is part of the same installation as the server. So, to provide a more useful client IP address to the server, the X-Forwarded-For request header is used.
For detailed guidance on using this header, see the Parsing and Selecting an IP address sections.
Header type | Request header |
---|---|
Forbidden header name | no |
A standardized version of this header is the HTTP Forwarded header.
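As an added example (not part of the original page), here is one way a server can choose a client address from X-Forwarded-For: start from the connection's peer address and walk the list from the right, accepting entries only while they belong to proxies the deployment operates itself. The `TRUSTED_PROXIES` networks, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed example: networks of the proxies this deployment operates itself.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(token):
    """Parse one list entry; return an address object, or None if malformed."""
    token = token.strip()
    if token.startswith("["):        # bracketed IPv6, optionally with a port
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:      # IPv4 with a port
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def client_ip(peer_addr, xff_headers):
    """Return the address to attribute a request to.

    peer_addr   -- IP address of the TCP connection the server accepted
    xff_headers -- every X-Forwarded-For header value, in the order received
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _is_trusted(peer):
        return str(peer)             # direct connection: the header is client-supplied
    # Several XFF header lines form one list, so join them in order.
    entries = [t for value in xff_headers for t in value.split(",")]
    candidate = peer
    for token in reversed(entries):  # rightmost entry was added by the nearest proxy
        addr = _parse(token)
        if addr is None:
            break                    # malformed entry: trust nothing further left
        candidate = addr
        if not _is_trusted(addr):
            break                    # first address that is not one of our proxies
    return str(candidate)
```

Entries to the left of the selected address are ignored because nothing the deployment controls vouches for them.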