| Name | Description | Example |
|---|---|---|
| X-Requested-With | Mainly used to identify Ajax requests. Most JavaScript frameworks send this field with value of XMLHttpRequest | X-Requested-With: XMLHTTPRequest |
| X-Forwarded-For | A de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. Superseded by Forwarded header. | X-Forwarded-For: client1, proxy1, proxy2 X-Forwarded-For: 129.78.138.66, 129.78.64.103 |
| X-Forwarded-Host | A de facto standard for identifying the original host requested by the client in the Host HTTP request header, since the host name and/or port of the reverse proxy (load balancer) may differ from the origin server handling the request. Superseded by Forwarded header. | X-Forwarded-Host: en.wikipedia.org |
| X-Forwarded-Proto | A de facto standard for identifying the originating protocol of an HTTP request, since a reverse proxy (or a load balancer) may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. An alternative form of the header (X-ProxyUser-Ip) is used by Google clients talking to Google servers. Superseded by Forwarded header. | X-Forwarded-Proto: https |
| X-Http-Method-Override | Requests a web application to override the method specified in the request (typically POST) with the method given in the header field (typically PUT or DELETE). This can be used when a user agent or firewall prevents PUT or DELETE methods from being sent directly (note that this is either a bug in the software component, which ought to be fixed, or an intentional configuration, in which case bypassing it may be the wrong thing to do). | X-HTTP-Method-Override: DELETE |
| X-Wap-Profile | Links to an XML file on the Internet with a full description and details about the device currently connecting. In the example to the right is an XML file for an AT&T Samsung Galaxy S2. | x-wap-profile: http://wap.samsungmobile.com/uaprof/SGH-I777.xml |
| X-ATT-DeviceId | Allows easier parsing of the MakeModel/Firmware that is usually found in the User-Agent String of AT&T Devices | X-Att-Deviceid: GT-P7320/P7320XXLPG |
| X-UIDH | Server-side deep packet insertion of a unique ID identifying customers of Verizon Wireless; also known as "perma-cookie" or "supercookie" | X-UIDH: … |
| X-Csrf-Token | Used to prevent cross-site request forgery. Alternative header names are: X-CSRFToken and X-XSRF-TOKEN | X-Csrf-Token: i8XNjC4b8KVok4uw5RftR38Wgp2BFwql |
| X-Request-ID, X-Correlation-ID | Correlates HTTP requests between a client and server. | X-Request-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5 |
| X-Host | Alternative for Host header | X-Host: example.org |
| X-Original-URL | override the request's path | X-Original-URL: /admin |
| X-Rewrite-URL | override the request's path | X-Rewrite-URL: /admin |
| X-Do-Not-Track | Used by clients to prevent tracking | |
| X-UA-Compatible | Used by Internet Explorer to signal which document mode to use. |