---
title: Fastly-Client-IP
summary: null
url: >-
  https://www.fastly.com/documentation/reference/http/http-headers/Fastly-Client-IP
---



`Fastly-Client-IP` is a proprietary header used by Fastly Delivery services. Fastly both reads this header from incoming requests and writes it into requests as they flow through the network.

When Fastly receives a request that does not include a `Fastly-Client-IP` header, we will add one, set to the current value of `client.ip`. This provides convenient access to the IP address that Fastly regards as the client making the request.

In contrast, `client.ip` is always the immediate client of the current server. In Fastly terms, this means that in services that use [shielding](https://www.fastly.com/documentation/guides/concepts/shielding/), the `client.ip` may be another Fastly server, not the 'actual' client. `Fastly-Client-IP` doesn't change when being forwarded from one Fastly server to another, so it will always represent the value of `client.ip` that was first seen by Fastly.

It is also distinct from the values of the `X-Forwarded-For` header, which will additionally reflect any other downstream clients beyond the immediate one. Essentially, `Fastly-Client-IP` is the non-Fastly thing that is making the request to Fastly. If it is actually another proxy making the request on behalf of someone else, that won't change `Fastly-Client-IP`, but the additional downstream IPs *should* be included in the X-Forwarded-For header.

The value is not protected from modification at the edge of the Fastly network, so if a client sets this header themselves, we will use it. If you want to prevent this, set the value yourself in VCL:

```vcl context="vcl_recv { ... }"
if (fastly.ff.visits_this_service == 0 && req.restarts == 0) {
  set req.http.Fastly-Client-IP = client.ip;
}
```