X-Forwarded-For
A de facto HTTP header used by proxies and load balancers to identify the originating client IP address when traffic passes through intermediaries. Each proxy appends the IP address it received the request from, creating a comma-separated list. To prevent IP spoofing, applications must trust only the last untrusted hop, that is, the right-most entry that is not one of their own trusted proxies. A client can send the header with arbitrary IPs already in it, and those values end up at the front of the list, so an application that naively reads the first value accepts an attacker-chosen address.
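The sketch below is an added example, not code from this glossary or from any particular framework: it resolves the client address by walking the list from the right and stopping at the last untrusted hop, next to the naive first-value read. The trusted proxy ranges, function names and sample header are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: our own proxies/load balancers live in these ranges (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(xff_lines):
    """The spoofable pattern: take the left-most value, which the client controls."""
    return xff_lines[0].split(",")[0].strip()


def client_ip(peer_addr, xff_lines):
    """Return the last untrusted hop.

    peer_addr: address of the TCP peer that connected to this application
    xff_lines: every X-Forwarded-For header line on the request, in order
    """
    nearest = ipaddress.ip_address(peer_addr)
    # An untrusted peer connected directly: anything in the header is its own claim.
    if not is_trusted(nearest):
        return str(nearest)
    # Repeated header lines are equivalent to one comma-joined list.
    hops = [h.strip() for line in xff_lines for h in line.split(",") if h.strip()]
    # Walk right to left. Each trusted proxy vouches for the entry it appended;
    # the first address outside our ranges is the client as seen by our edge.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the nearest address we can vouch for
        nearest = ip
        if not is_trusted(ip):
            break
    return str(nearest)


# Constructed request: the client sent "X-Forwarded-For: 198.51.100.66" itself,
# then two of our proxies each appended the address they saw.
SAMPLE_XFF = ["198.51.100.66, 203.0.113.7, 10.0.0.9"]

if __name__ == "__main__":
    print("naive :", naive_client_ip(SAMPLE_XFF))        # value the client supplied
    print("proper:", client_ip("10.0.0.5", SAMPLE_XFF))  # last untrusted hop
```

The trusted list must contain only proxies that append to the header themselves; an intermediary that forwards it unchanged cannot vouch for the entries to its left.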
Mentioned in Guides
HTTP Proxy Headers: X-Forwarded-For, Via, and Forwarded
HTTP Fundamentals
Reverse Proxy Configuration: Nginx, Caddy, and HAProxy
Production Infrastructure
TLS Termination: Where to Terminate HTTPS and Why
Production Infrastructure
Request and Response Transformation at the API Gateway
API Gateway Patterns