X-Forwarded-Server
The originating server of a client request.
Fastly reads this header from requests and writes it into requests. It is defined by an external standard.
For VCL services, Fastly will add or append X-Forwarded-Server
headers on incoming requests over TLS, as follows:
- Fastly's edge cache – if the request protocol is TLS.
- Fastly's shield cache – if the origin has a TLS configuration and shielding is enabled.
- Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.
Examples
Shielding | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Server | Note |
---|---|---|---|---|---|
No | TLS | TLS | No | cache-nrt6128-NRT | Added at edge |
No | Non TLS | TLS | No | null | |
No | TLS | TLS | Yes | Server1, cache-nrt6146-NRT | Appended |
No | Non TLS | TLS | Yes | Server1 | Pass-through |
No | TLS | Non TLS | No | cache-nrt6128-NRT | Added at edge |
No | Non TLS | Non TLS | No | null | |
No | TLS | Non TLS | Yes | Server1, cache-nrt6146-NRT | Appended |
No | Non TLS | Non TLS | Yes | Server1 | Pass-through |
Yes | TLS | TLS | No | cache-hnd18734-HND, cache-hkg17928-HKG | Added at edge and shield |
Yes | Non TLS | TLS | No | cache-hkg17933-HKG | Added at shield |
Yes | TLS | TLS | Yes | Server1, cache-nrt6122-NRT, cache-hkg17925-HKG | Added at edge and shield |
Yes | Non TLS | TLS | Yes | Server1, cache-hkg17926-HKG | Added at shield |
Yes | TLS | Non TLS | No | cache-hnd18723-HND | Added at edge |
Yes | Non TLS | Non TLS | No | null | |
Yes | TLS | Non TLS | Yes | Server1, cache-hnd18746-HND | Added at edge |
Yes | Non TLS | Non TLS | Yes | Server1 | Pass-through |
Overriding multiple entries
To set a single value for this header, add the following to vcl_miss
and vcl_pass
:
set bereq.http.X-Forwarded-Server = server.hostname;