The HTTP X-Forwarded-For header contains the IP address for the client that initiates the HTTP request.
The HTTP X-Forwarded-For request header is used to identify the source of a HTTP request. This is not needed in situations where a client connects directly to the server. In this case, the client’s IP address is recorded and logged, if applicable. However, if the client HTTP Connection passes through intermediaries such as a proxy server or load-balancer, then the server will only have the IP address of the device that most recently forwarded the message.
To provide better traceability, troubleshooting, and statistical reporting, the HTTP X-Forwarded-For header is generated or modified by each intermediary. It is included with the HTTP request and ultimately, the server will have a list that contains the client and each of the intermediaries, as follows:
X-Forwarded-For: <client>, <intemediary>, …, <intemediary>
The "X-" naming convention for HTTP headers, "X" referring to "experimental", has been deprecated and need to be transitioned to formal naming convention for HTTP headers.
The HTTP X-Forwarded-For request header is still a common way to identify the original IP address of the client submitting the HTTP request; however, since its inception, this is now a standardized version as the HTTP Forwarded request header.
The HTTP X-Forwarded-For header, and the newer version HTTP Forwarded header, is used to provide information to the server about the IP address of the originating client, as well as addresses for intermediaries that the request has passed through en-route.