Zero Signup ToolsFree browser tools

Developer Tools

Forwarded Header Builder

Build, parse, and validate the RFC 7239 Forwarded HTTP header in your browser. Also converts legacy X-Forwarded-For, Host, Proto, and Port to Forwarded.

RFC 7239

Paste a Forwarded request header from a reverse proxy log, capture, or test request. The leading Forwarded: prefix is optional.

Samples

2 forwarded-elements parsed, header prefix stripped

0 errors, 0 warnings. Elements are ordered from the closest proxy to the origin (first) to the original client (last) per RFC 7239 Section 5.2.

  1. for=192.0.2.43;by=_proxy1;proto=https;host=example.com

    by
    _proxy1obfuscated
    for
    192.0.2.43IPv4
    host
    example.com
    proto
    https

  2. for=198.51.100.17;by=_proxy2

    by
    _proxy2obfuscated
    for
    198.51.100.17IPv4
    host
    (not set)
    proto
    (not set)

Equivalent X-Forwarded-* headers

These are the legacy headers most reverse proxies still send alongside Forwarded. The first forwarded-element supplies the host, proto, and port; every for value flows into X-Forwarded-For in original order.

X-Forwarded-For

192.0.2.43, 198.51.100.17

X-Forwarded-Host

example.com

X-Forwarded-Proto

https

X-Forwarded-Port

(not set)

Quick reference

Parameters

Four standard parameters: by (receiving proxy), for (upstream client), host (original Host header), proto (client protocol). Names are case-insensitive. New parameters must be registered with IANA.

Node identifiers

by and for accept an IPv4 address, a bracketed IPv6 address (which must be quoted), the literal unknown, or an obfuscated identifier starting with _. An optional :port may follow.

Element ordering

Multiple forwarded-elements are comma separated and ordered from the closest proxy to the origin (first) to the original client (last). This is the opposite of the X-Forwarded-For convention.

Trust boundary

Clients can forge Forwarded the same way they can forge X-Forwarded-For. Only trust the parameters added by proxies you control, and strip the rest at the edge before forwarding upstream.

How to use

  1. Pick a tab: Parse and explain to decode an existing Forwarded header, Build chain to compose a new one hop at a time, or Convert X-Forwarded to map legacy X-Forwarded-* values to RFC 7239.
  2. On Parse and explain, paste a Forwarded header value (with or without the 'Forwarded:' prefix), or tap one of the sample buttons. Each forwarded-element is shown as a hop with its by, for, host, and proto fields decoded; errors and warnings are listed inline.
  3. On Build chain, fill in by, for, host, and proto for each hop. Add or remove hops with the buttons; IPv6 addresses are auto-bracketed and quoted. Copy the formatted header or one of the Nginx, Apache, HAProxy, Express, Next.js, Caddy, or Go snippets.
  4. On Convert X-Forwarded, paste the X-Forwarded-For, Host, Proto, and Port values your reverse proxy currently emits. The tool produces a single equivalent Forwarded header and explains the proxy ordering convention so the result is unambiguous.
  5. Use the quick reference panel at the bottom for the standard parameter list, node identifier grammar, element ordering rules, and trust boundary guidance from RFC 7239.

About this tool

Forwarded Header Builder is a browser-only tool for the standardized HTTP Forwarded request header defined by RFC 7239. The Forwarded header replaces the de-facto X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Proto, and X-Forwarded-Port set with one structured value that records the chain of proxies between the original client and the origin server. The Parse and explain tab accepts any Forwarded value (with or without the leading 'Forwarded:' prefix), splits it into one element per proxy hop, decodes the four standard parameters (by, for, host, proto), validates IPv4 and bracketed IPv6 node identifiers, surfaces grammar errors (unquoted IPv6, missing brackets, duplicate parameters, invalid tokens, ports out of range, unknown parameter names that have not been registered with IANA), and shows the equivalent legacy X-Forwarded-* values for side-by-side comparison. The Build chain tab composes a multi-hop Forwarded value one hop at a time, auto-brackets and auto-quotes bare IPv6 addresses, supports the literal 'unknown' and obfuscated '_xxx' identifiers, and emits ready-to-paste snippets for Nginx, Apache, HAProxy, Express, Next.js Route Handlers, Caddy, and Go reverse-proxy bridges. Presets cover the most common shapes: single edge proxy, two-proxy chain, Cloudflare edge to origin, IPv6 client, and a privacy-preserving setup with obfuscated identifiers. The Convert X-Forwarded tab takes the four legacy header values and emits a single equivalent Forwarded header with notes about ordering (X-Forwarded-For is left-to-right from the original client; Forwarded orders elements from the closest proxy to the origin first) and trust boundaries. Useful for SREs configuring reverse proxies, backend developers implementing trust-proxy logic, security engineers auditing forwarded-IP handling for spoofing, and anyone debugging why a request behind a load balancer sees a private IP instead of the real client. Everything runs locally; the header values you paste never leave your browser.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Developer

HTTP Headers Parser

Parse, classify, and decode HTTP headers, with a missing security headers audit.

Open tool

Developer

Cache-Control Header Builder

Build and parse Cache-Control headers with directive flags, max-age presets, conflict checks, and ready-to-paste server snippets.

Open tool

Developer

Set-Cookie Builder

Form-driven Set-Cookie header builder with conflict warnings and server snippets.

Open tool

Developer

Retry-After Header Builder

Build delay-seconds or HTTP-date Retry-After values and parse any incoming header.

Open tool

Developer

HTTP Link Header Builder

Build RFC 8288 Link headers with preload, canonical, hreflang, and parse existing values.

Open tool

All toolsDeveloper Tools