What is the difference between HTTP_X_FORWARDED_FOR and HTTP_FORWARDED

I have been looking for a way to find the IP Addres开发者_运维问答s of the client and I've found both of these HTTP Headers. From what I've found they are the same thing, but HTTP_X_FORWARDED_FOR seems more widely used. Do any of you know what the difference is and if I am going to have to check both of these? Thanks.

X-Forwarded-For header is not part of RFC, hence different implementation by proxy servers. You should not rely on that value since it can be spoofed or simply not sent by proxy.

If it is important and you can afford to do it you should force requests through HTTPS and look up REMOTE_ADDR.