What is a full specification of X-Forwarded-Proto
HTTP header values?
The X-Forwarded-Proto (XFP) header is a de-facto standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer.
To check the X-Forwarded-For in action go to Inspect Element -> Network check the request header for X-Forwarded-For like below.
The X-Real-IP header provides the client's IP address. For example: X-Real-IP: 192.168.0.10.
There is no "full specification" -- it's a de facto standard. The X-
in front of a header name customarily* has denoted it as experimental/non-standard/vendor-specific. Once it's a standard part of HTTP, it'll lose the prefix.
There's some work from the IETF on standardizing it, but it's just at the draft stages, as far as i can tell. Check out https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-http-forwarded-10 for the latest draft as of the time of this writing. But be aware that it can change at any time while it's being fleshed out, and don't rely on it in production stuff yet.
Update:
RFC 7239 now defines the Forwarded:
header, which is intended to replace X-Forwarded-*
. If you care about standards, i would recommend using that instead.
* This used to be an official thing, but no longer is. RFC 6648 deprecates the X-
prefixing convention. Unfortunately, the convention is so widely known (and the deprecation so low-key) that most people outside the IETF will probably ignore the recommendation.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With