Skip to main content
Question

Disable outgoing XFF-Header to hide public ip of clients?

  • August 30, 2024
  • 4 replies
  • 841 views
S

Hi all,

 

because of privacy reasons, we don’t want Netskope to pass along the X-Forwarded-For-Header containing the public IP address of our users to the Internet..

 

The following website tests can be used to prove that Netskope always provides this information.

notskope.com

Browser Spy (gaijin.at)

 

How can we disable this Feature of Netskope? We don’t want Netskope to pass along the original public IP of our users ...

The setting for the XFF Header unser Settings → Security CLoud Plattform is set to “Do not trust” but it has obviously nothing todo with our problem:

 

In our current on-premise proxy we had the option to remove theXFF Information:

 

    This topic has been closed for replies.

    4 replies

    Rohit_Bhaskar
    Netskope Employee
    Forum|alt.badge.img+20
    • Rohit_Bhaskar
    • Netskope Employee
    • 492 replies
    • September 3, 2024

    Hi Steff,

    I had a discussion with the team and happy to shae that the team is working on solution, few things they are exploring and will share updates accordingly. The request is feasible in your specific use case. 

    @Rudi and Team is working on the same. I’ll keep you posted on the same.

    Best Wishes, Rohit Bhaskar
    A
    Forum|alt.badge.img+2
    • alvarocervantes
    • New Member III
    • 3 replies
    • April 11, 2025

    Any news about this feature? I am interested on it as well.

    S
    Netskope Employee
    Forum|alt.badge.img+16
    • sshiflett
    • Netskope Employee
    • 277 replies
    • April 14, 2025

    @alvarocervantes

    I’m not sure about the future request/solution referenced above but you can contact support for options on disabling XFF for specific sites or your entire tenant in the interim. 

    Sam Shiflett | Netskope Solution Architect - North America
    A
    Forum|alt.badge.img+2
    • alvarocervantes
    • New Member III
    • 3 replies
    • April 14, 2025

    Thanks sshifter, I do believe the XXF IP is most likely the ISP and not the local network IP, but I have not fully tested to know for sure this is statement is true. 

     

    Badges Winner

    Show all badges

    Not finding what you're looking for?

    Don't be shy and let us know about your challenge.

    Ask your question here!
    Terms & ConditionsCookie settingsAccessibility statement