Learn how Cloudflare handles HTTP request headers to your origin web server and what headers Cloudflare adds to proxied requests.
Overview
Cloudflare passes all HTTP headers as-is from the client to the origin and adds additional headers as specified below.
Provides the client (visitor) IP address (connecting to Cloudflare) to the origin web server.
This header will only be sent on the traffic from Cloudflare's edge to your origin webserver.
Provides the original client (visitor) IP address to the origin web server. True-Client-IP is only available on our Enterprise plan. In the example below, 203.0.113.1 is the original visitor IP address.
Example:
True-Client-IP: 203.0.113.1
Maintains proxy server and original visitor IP addresses. If there was no existing X-Forwarded-For header in the request sent to Cloudflare, X-Forwarded-For has an identical value to the CF-Connecting-IP header:
Example:
X-Forwarded-For: 203.0.113.1
If an X-Forwarded-For header was already present in the request to Cloudflare, Cloudflare appends the IP address of the HTTP proxy to the header:
Example:
X-Forwarded-For: 198.51.100.101,198.51.100.102,203.0.113.1
In the examples above, 203.0.113.1 is the original visitor IP address and 198.51.100.101 and 198.51.100.102 are proxy server IP addresses provided to Cloudflare via the X-Forwarded-For header.
The cf-ray header is a hashed value encoding information about the data center and the visitor’s request:
Example:
CF-RAY: 230b030023ae2822-SJC
Add the CF-Ray header to your origin web server logs to match requests proxied to Cloudflare to requests in your server logs. Enterprise customers can also see all requests via Cloudflare Logs.
Contains a two character country code of the originating visitor’s country. XX is used for unknown country information. This header is added to requests by enabling Cloudflare IP Geolocation in the dashboard.
Example:
CF-IPCountry: US
Currently, this header is a JSON object, containing only one key called “scheme”. The meaning is identical to that of X-Forwarded-Proto above - e.g. it will be either HTTP or HTTPS, and it is only really relevant if you need to enable Flexible SSL in your Cloudflare settings.
Example:
CF-Visitor: { \"scheme\":\"https\"}
Allows Cloudflare to specify how many times a request can enter Cloudflare's network before it is blocked as a looping request.
Example:
CDN-Loop: cloudflare
The CF-Worker request header is added to an edge Worker subrequest that identifies the host that spawned the subrequest. This is useful when you want to protect against cross-zone worker subrequests.
Example:
CF-Worker: example.com
You can add CF-Worker header on server logs similar to the way you add the CF-RAY header. Just add "$http_cf_worker" in the log format file: log_format cf_custom "CF-Worker:$http_cf_worker"'
Related Resources