---
title: X-Forwarded-Server
summary: null
url: >-
  https://www.fastly.com/documentation/reference/http/http-headers/X-Forwarded-Server
---

For VCL services, Fastly will add or append `X-Forwarded-Server` headers on incoming requests over TLS, as follows:

- Fastly's edge cache – if the request protocol is TLS.
- Fastly's shield cache – if the origin has a TLS configuration **and** [shielding](https://www.fastly.com/documentation/guides/concepts/shielding/) is enabled.
- Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.

## Examples

| [Shielding](https://www.fastly.com/documentation/guides/concepts/shielding/) | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Server                             | Note                     |
| ---------------------------------------------------------------------------- | ---------------- | --------------- | ------------- | ---------------------------------------------- | ------------------------ |
| No                                                                           | TLS              | TLS             | No            | cache-nrt6128-NRT                              | Added at edge            |
| No                                                                           | Non TLS          | TLS             | No            | null                                           |                          |
| No                                                                           | TLS              | TLS             | Yes           | Server1, cache-nrt6146-NRT                     | Appended                 |
| No                                                                           | Non TLS          | TLS             | Yes           | Server1                                        | Pass-through             |
| No                                                                           | TLS              | Non TLS         | No            | cache-nrt6128-NRT                              | Added at edge            |
| No                                                                           | Non TLS          | Non TLS         | No            | null                                           |                          |
| No                                                                           | TLS              | Non TLS         | Yes           | Server1, cache-nrt6146-NRT                     | Appended                 |
| No                                                                           | Non TLS          | Non TLS         | Yes           | Server1                                        | Pass-through             |
| Yes                                                                          | TLS              | TLS             | No            | cache-hnd18734-HND, cache-hkg17928-HKG         | Added at edge and shield |
| Yes                                                                          | Non TLS          | TLS             | No            | cache-hkg17933-HKG                             | Added at shield          |
| Yes                                                                          | TLS              | TLS             | Yes           | Server1, cache-nrt6122-NRT, cache-hkg17925-HKG | Added at edge and shield |
| Yes                                                                          | Non TLS          | TLS             | Yes           | Server1, cache-hkg17926-HKG                    | Added at shield          |
| Yes                                                                          | TLS              | Non TLS         | No            | cache-hnd18723-HND                             | Added at edge            |
| Yes                                                                          | Non TLS          | Non TLS         | No            | null                                           |                          |
| Yes                                                                          | TLS              | Non TLS         | Yes           | Server1, cache-hnd18746-HND                    | Added at edge            |
| Yes                                                                          | Non TLS          | Non TLS         | Yes           | Server1                                        | Pass-through             |

## Overriding multiple entries

To set a single value for this header, add the following to `vcl_miss` and `vcl_pass`:

```vcl
set bereq.http.X-Forwarded-Server = server.hostname;
```