X-Forwarded-For

The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.

The X-Forwarded-For HTTP request header was introduced by the Squid caching proxy server's developers.[citation needed]

X-Forwarded-For is also an email-header indicating that an email-message was forwarded from one or more other accounts (probably automatically).[1]

Without the use of XFF or another similar technique, any connection through the proxy would reveal only the originating IP address of the proxy server, effectively turning the proxy server into an anonymizing service, thus making the detection and prevention of abusive accesses significantly harder than if the originating IP address were available. The usefulness of XFF depends on the proxy server truthfully reporting the original host's IP address; for this reason, effective use of XFF requires knowledge of which proxies are trustworthy, for instance by looking them up in a whitelist of servers whose maintainers can be trusted.

  1. ^ "Overview of parsed mail headers". Archived from the original on 2014-09-20. Retrieved 2014-05-05.