Our volunteers haven't translated this article into Deutsch yet. Join us and help get the job done!
You can also read the article in English (US).

The Forwarded header contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.

The alternative and de-facto standard versions of this header are the X-Forwarded-ForX-Forwarded-Host and X-Forwarded-Proto headers.

This header is used for debugging, statistics, and generating location-dependent content and by design it exposes privacy sensitive information, such as the IP address of the client. Therefore the user's privacy must be kept in mind when deploying this header.

Header type Request header
Forbidden header name no


Forwarded: by=<identifier>; for=<identifier>; host=<host>; proto=<http|https>


An identifier disclosing the information that is altered or lost when using a proxy. This can be either:
  • an IP address (v4 or v6, optionally with a port, and ipv6 quoted and enclosed in square brackets),
  • an obfuscated identifier (such as "_hidden" or "_secret"),
  • or "unknown" when the preceding entity is not known (and you still want to indicate that forwarding of the request was made).
The interface where the request came in to the proxy server.
The client that initiated the request and subsequent proxies in a chain of proxies.
The Host request header field as received by the proxy.

Indicates which protocol was used to make the request (typically "http" or "https").


Using the Forwarded header

Forwarded: for="_mdn" 

# case insensitive
Forwarded: For="[2001:db8:cafe::17]:4711"

# separated by semicolon
Forwarded: for=; proto=http; by=

# multiple values can be appended using a comma
Forwarded: for=, for=

Transitioning from X-Forwarded-For to Forwarded

If your application, server, or proxy supports the standardized Forwarded header, the X-Forwarded-For header can be replaced. Note that IPv6 address are quoted and enclosed in square brackets in Forwarded.

X-Forwarded-For: 123.34.567.89
Forwarded: for=123.34.567.89

X-Forwarded-For:, 2001:db8:cafe::17
Forwarded: for=, for="[2001:db8:cafe::17]"


Specification Title
RFC 7239, section 4: Forwarded Forwarded HTTP Extension

See also

Schlagwörter des Dokuments und Mitwirkende

 Mitwirkende an dieser Seite: duelinmarkers, teoli, fscholz
 Zuletzt aktualisiert von: duelinmarkers,