Technical Summary
This document standardizes an HTTP extension header field that allows
proxy components to disclose information lost in the proxying
process, such as the originating IP address of a request and the IP address
of the proxy on the user-agent-facing interface. Given a trusted
path of proxying components, this makes it possible to arrange it so
that each subsequent component will have access to, for example, all IP
addresses used in the chain of proxied HTTP requests.
This document is meant to replace several ad-hoc solutions already
deployed today.
Working Group Summary
Nothing worth noting.
Document Quality
There are several implementations of similar header fields already in use.
Personnel
Alexey Melnikov is the document shepherd. Barry Leiba is the responsible AD.
RFC Editor Note:
1. In the ABNF in Section 4, there are two items that have angle-bracketed text in them:
token = <Defined in
[I-D.ietf-httpbis-p1-messaging], Section 3.2.4>
quoted-string = <Defined in
[I-D.ietf-httpbis-p1-messaging], Section 3.2.4>
The line breaks are artifacts of the editing and the length of the reference text. It's important that in the final version, there be no line break between the "<" and the ">". For example:
token = <Defined in [RFC9999], Section 3.2.4>
2. Please make the following change in Section 8.3, paragraph 1:
OLD
A proxy that intends or is widely used to anonymize the user
MUST NOT use the header field described in this document.
NEW
A proxy that intends to or is widely used to anonymize the user
MUST NOT use the header field described in this document.
For any proxy, if the HTTP request contains header fields that
specifically request privacy semantics, the proxy SHOULD NOT
use the header field described in this document.