Cloudflare 是如何处理HTTP Request Headers的(How Does Cloudflare handle HTTP Request headers)?

我们都知道,cloudflare其实本质上就是一个反向代理(reverse proxy), 因此cloudflare 会把收到的所有的HTTP headers request原原本本的转发给你的源服务器,在此基础上还会添加一些CF自己的header.

这些header 都有一个共同的特性,就是以CF开头


Provides the client (visitor) IP address (connecting to Cloudflare) to the origin web server. 
This header will only be sent on the traffic from Cloudflare's edge to your origin webserver.

True-Client-IP (Enterprise plan only):



Maintains proxy server and original visitor IP addresses. If there was no existing X-Forwarded-For header in the request sent to Cloudflare, 
X-Forwarded-For has an identical value to the CF-Connecting-IP header


The cf-ray header is a hashed value encoding information about the data center and the visitor’s request


Contains a two character country code of the originating visitor’s country. XX is used for unknown country information


Currently, this header is a JSON object, containing only one key called “scheme”. The meaning is identical to that of X-Forwarded-Proto above - e.g. it will be either HTTP or HTTPS, 
and it is only really relevant if you need to enable Flexible SSL in your Cloudflare settings.


Allows Cloudflare to specify how many times a request can enter Cloudflare's network before it is blocked as a looping request.


The CF-Worker request header is added to an edge Worker subrequest that identifies the host that spawned the subrequest. 
This is useful when you want to protect against cross-zone worker subrequests.
You can add CF-Worker header on server logs similar to the way you add the CF-RAY header. Just add "$http_cf_worker" in the log format file: log_format cf_custom "CF-Worker:$http_cf_worker"'


$_SERVER['HTTP_CDN_LOOP']: cloudflare
$_SERVER['HTTP_CF_VISITOR']: {"scheme":"https"}
$_SERVER['HTTP_CF_RAY']: 6a4247906e83762b-EWR




Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.