Upcoming change: Stripping exposed Netlify headers from function and proxy requests


We are planning to roll out a change on 2022-03-03T05:00:00Z that will remove some HTTP request headers that we propagate to Netlify Functions and to external proxy requests. These are mostly internal headers that we did not intend to expose to users so we want to ensure we don’t create a confusing experience for users building applications on Netlify.

The headers we are planning to remove are prefixed with either X-Nf- or X-Bb- . You may have seen these headers in your request logs before and wondered what they were meant for. These are mostly headers we use for internal state tracking and they don’t provide context for the end user.

We will continue to provide a few headers in this namespace that are useful for applications. The following headers will not be removed as part of this roll out:

  • X-Nf-Client-Connection-Ip
  • X-Nf-Request-Id
  • X-Nf-Sign (optional)


– Mike

1 Like

Was there a related change rolled out around this week already?

Seems event.headers['client-ip'] that used to work before does not any more, and the fallback is using event.headers['x-nf-client-connection-ip'] that is mentioned in this message. Smells related: Is the "Client-IP" header going to be supported long term? - #14 by janpio

Hi @janpio ,

Yes, it appears that we did inadvertently remove the Client-Ip from all remaining contexts earlier than the planned deprecation of the X-Nf- and X-Bb- namepaced headers later this week. We apologize for the impact here, it was thought this had already been officially deprecated.

You are correct, the x-nf-client-connection-ip header is the right one for inspecting the connecting IP address.



This topic was automatically closed after 14 days. New replies are no longer allowed.