How does CloudFlare handle HTTP Request headers?

CloudFlare operates as a reverse proxy, so our customers are want to know how existing HTTP headers are handled, and what may change going through CloudFlare.

With two exceptions, CloudFlare passes on all HTTP headers as is from the client to the origin.

First exception: CF-Connecting-IP

To provide the client (visitor) IP address for every request to the origin, CloudFlare adds the CF-Connecting-IP header.

"CF-Connecting-IP: A.B.C.D"

where A.B.C.D is the client's IP address, also known as the original visitor IP address.

Second exception: X-Forwarded-For

X-Forwarded-For is a well-established HTTP header used by proxies, including CloudFlare, to pass along other IP addresses in the request. This is often the same as CF-Connecting-IP, but there may be multiple layers of proxies in a request path.

Two possible outcomes.

First, if there is no existing "X-Forwarded-For" header in the request, then the header would have an identical value to the CF-Connecting-IP header, like this:

"X-Forwarded-For: A.B.C.D"

where A.B.C.D is the client's IP address, also known as the original visitor IP address.

Second, if there is an "X-Forwarded-For" header present in the request, CloudFlare will append the client's IP to its value, as the last in the list.

"X-Forwarded-For: [X.X.X.X,Y.Y.Y.Y,]A.B.C.D"

where A.B.C.D is the client's IP address, also known as the original visitor IP address. X.X.X.X and Y.Y.Y.Y in this example are previous IP addresses in the header value.

Have more questions? Submit a request

Comments

Article is closed for comments.