Protocol support for HTTP headers in Azure Front Door Service

This article outlines the protocol that Front Door Service supports with parts of the call path (see image). The following sections provide more information about HTTP headers supported by Front Door Service.

Azure Front Door Service HTTP headers protocol

Important

Front Door Service doesn't certify any HTTP headers that aren't documented here.

Client to Front Door Service

Front Door Service accepts most headers from the incoming request without modifying them. Some reserved headers are removed from the incoming request if sent, including headers with the X-FD-* prefix.

Front Door Service to backend

Front Door Service includes headers from an incoming request unless removed because of restrictions. Front Door also adds the following headers:

Header Example and description
Via Via: 1.1 Azure
Front Door adds the client's HTTP version followed by Azure as the value for the Via header. This indicates the client's HTTP version and that Front Door was an intermediate recipient for the request between the client and the backend.
X-Azure-ClientIP X-Azure-ClientIP: 127.0.0.1
Represents the client IP address associated with the request being processed. For example, a request coming from a proxy might add the X-Forwarded-For header to indicate the IP address of the original caller.
X-Azure-SocketIP X-Azure-SocketIP: 127.0.0.1
Represents the socket IP address associated with the TCP connection that the current request originated from. A request's client IP address might not be equal to its socket IP address because it can be arbitrarily overwritten by a user.
X-Azure-Ref X-Azure-Ref: 0zxV+XAAAAABKMMOjBv2NT4TY6SQVjC0zV1NURURHRTA2MTkANDM3YzgyY2QtMzYwYS00YTU0LTk0YzMtNWZmNzA3NjQ3Nzgz
A unique reference string that identifies a request served by Front Door. It's used to search access logs and critical for troubleshooting.
X-Azure-RequestChain X-Azure-RequestChain: hops=1
A header that Front Door uses to detect request loops, and users should not take a dependency on it.
X-Forwarded-For X-Forwarded-For: 127.0.0.1
The X-Forwarded-For (XFF) HTTP header field often identifies the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. If there's an existing XFF header, then Front Door appends the client socket IP to it or adds the XFF header with the client socket IP.
X-Forwarded-Host X-Forwarded-Host: contoso.azurefd.net
The X-Forwarded-Host HTTP header field is a common method used to identify the original host requested by the client in the Host HTTP request header. This is because the host name from Front Door may differ for the backend server handling the request.
X-Forwarded-Proto X-Forwarded-Proto: http
The X-Forwarded-Proto HTTP header field is often used to identify the originating protocol of an HTTP request because Front Door, based on configuration, might communicate with the backend by using HTTPS. This is true even if the request to the reverse proxy is HTTP.
X-FD-HealthProbe X-FD-HealthProbe HTTP header field is used to identify the health probe from Front Door. If this header set to 1, the request is health probe. You can use when want to strict access from paticular Front Door with X-Forwarded-Host header field.

Front Door Service to client

Any headers sent to Front Door from the backend are also passed through to the client. The following are headers sent from Front Door to clients.

Header Example
X-Azure-Ref X-Azure-Ref: 0zxV+XAAAAABKMMOjBv2NT4TY6SQVjC0zV1NURURHRTA2MTkANDM3YzgyY2QtMzYwYS00YTU0LTk0YzMtNWZmNzA3NjQ3Nzgz
This is a unique reference string that identifies a request served by Front Door. This is critical for troubleshooting as it's used to search access logs.

Next steps