The X-Forwarded-For HTTP request header was introduced by the Squid caching proxy server's developers.
The usefulness of XFF depends on the proxy server truthfully reporting the original host's IP address; for this reason, effective use of XFF requires knowledge of which proxies are trustworthy, for instance by looking them up in a whitelist of servers whose maintainers can be trusted.
Examples:[3] Because the X-Forwarded-For header is not formally standardized, some variations to the IP address format exist.
Examples: The X-Forwarded-For header is added or edited by HTTP proxies when forwarding a request.
A web server should log both the request's source IP address and the X-Forwarded-For field information for completeness.