X-Forwarded-Proto Header

Table of Content

The X-Forwarded-Proto (XFP) header is a de-facto standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer. It's typically used in situations where secure web servers are behind proxy services, which handle HTTPS encryption/decryption on behalf of those servers.

Syntax

To add the X-Forwarded-Proto header to an HTTP request, it's appended as follows:

X-Forwarded-Proto: https

Note that the syntax is case-insensitive.

Directives

  • https - This directive is used if the client uses HTTPS connection to your proxy/load balancer.
  • http - This directive is used if the client uses HTTP connection to your proxy/load balancer.

Examples

When the X-Forwarded-Proto header is included in an HTTPS request, it should appear as follows:

GET /mypage HTTP/1.1
Host: www.example.com
X-Forwarded-Proto: https

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Supported
Safari Supported
Opera Supported
Edge Supported

How to modify X-Forwarded-Proto header

ModHeader is a Chrome extension that can be used to modify HTTP request headers.

  1. First install ModHeader from the Chrome Web Store.
  2. Click on the ModHeader icon in the Chrome toolbar, which opens the extension settings.
  3. In the 'Request headers' section, click 'Add' button. Then put 'X-Forwarded-Proto' in 'Name' field and 'https' or 'http' (respective to your targeted protocol) in 'Value' field.
  4. Now, all your requests from the browser will include this header.

Modifying the X-Forwarded-Proto can be useful for testing how your server handle the protocol used by the client to connect to the proxy or load balancer. It can also be used for testing redirections from HTTP to HTTPS or vice versa.