The X-Forwarded-Proto (XFP) header is a de-facto standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer. Your server access logs contain the protocol used between the server and the load balancer, but not the protocol used between the client and the load balancer. To determine the protocol used between the client and the load balancer, the X-Forwarded-Proto request header can be used.
The X-Forwarded-For (XFF) header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When traffic is intercepted between clients and servers, server access logs contain the IP address of the proxy or load balancer only. To see the original IP address of the client, the X-Forwarded-For request header is used.
This header is used for debugging, statistics, and generating location-dependent content and by design it exposes privacy sensitive information, such as the IP address of the client. Therefore the user's privacy must be kept in mind when deploying this header.
A standardized version of this header is the HTTP Forwarded header.
X-Forwarded-For is also an email-header indicating that an email-message was forwarded from another account.
references:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
The X-Forwarded-For (XFF) header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When traffic is intercepted between clients and servers, server access logs contain the IP address of the proxy or load balancer only. To see the original IP address of the client, the X-Forwarded-For request header is used.
This header is used for debugging, statistics, and generating location-dependent content and by design it exposes privacy sensitive information, such as the IP address of the client. Therefore the user's privacy must be kept in mind when deploying this header.
A standardized version of this header is the HTTP Forwarded header.
X-Forwarded-For is also an email-header indicating that an email-message was forwarded from another account.
references:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
No comments:
Post a Comment