X-Forwarded-Server
The originating server of a client request.
Fastly reads this header from requests and writes it into requests. It is defined by an external standard.
For VCL services, Fastly will add or append X-Forwarded-Server headers on incoming requests over TLS, as follows:
- Fastly's edge cache – if the request protocol is TLS.
- Fastly's shield cache – if the origin has a TLS configuration and shielding is enabled.
- Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.
Examples
| Shielding | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Server | Note |
|---|---|---|---|---|---|
| No | TLS | TLS | No | cache-nrt6128-NRT | Added at edge |
| No | Non TLS | TLS | No | null | |
| No | TLS | TLS | Yes | Server1, cache-nrt6146-NRT | Appended |
| No | Non TLS | TLS | Yes | Server1 | Pass-through |
| No | TLS | Non TLS | No | cache-nrt6128-NRT | Added at edge |
| No | Non TLS | Non TLS | No | null | |
| No | TLS | Non TLS | Yes | Server1, cache-nrt6146-NRT | Appended |
| No | Non TLS | Non TLS | Yes | Server1 | Pass-through |
| Yes | TLS | TLS | No | cache-hnd18734-HND, cache-hkg17928-HKG | Added at edge and shield |
| Yes | Non TLS | TLS | No | cache-hkg17933-HKG | Added at shield |
| Yes | TLS | TLS | Yes | Server1, cache-nrt6122-NRT, cache-hkg17925-HKG | Added at edge and shield |
| Yes | Non TLS | TLS | Yes | Server1, cache-hkg17926-HKG | Added at shield |
| Yes | TLS | Non TLS | No | cache-hnd18723-HND | Added at edge |
| Yes | Non TLS | Non TLS | No | null | |
| Yes | TLS | Non TLS | Yes | Server1, cache-hnd18746-HND | Added at edge |
| Yes | Non TLS | Non TLS | Yes | Server1 | Pass-through |
Overriding multiple entries
To set a single value for this header, add the following to vcl_miss and vcl_pass:
set bereq.http.X-Forwarded-Server = server.hostname;