<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Understanding the X-Forwarded-For Header in Okta
May 6, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Overview

Okta automatically uses the public IP address of an application as the client IP address for a request. Okta supports the standard X-Forwarded-For (XFF) HTTP header to forward the originating client IP address when an application operates behind a proxy server, sign-in portal, or gateway.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • X-Forwarded-For Header
Solution

How does Okta handle the X-Forwarded-For HTTP header?

Okta automatically uses the public IP address of the application as the client IP address for the request. Okta supports the standard X-Forwarded-For HTTP header to forward the originating client IP address if the application operates behind a proxy server or acts as a sign-in portal or gateway.

 

NOTE: Okta requires the allowlist in the org's network security settings to include the public IP address of the trusted web application as a trusted proxy to forward the original IP address of the user agent with the X-Forwarded-For HTTP header.

Related References

Recommended content

Still looking for help?
Loading
Understanding the X-Forwarded-For Header in Okta