[ColdHeat]

I used to use this site until I found https://checkip.amazonaws.com/. Switched because I wasn't sure who was behind icanhazip.com and it's tough to beat AWS. Glad to hear that it will likely be maintained for awhile longer!

[madars]

Something to be aware of: checkip.amazonaws.com will happily return an X-Forwarded-For address https://stackoverflow.com/questions/52618096/under-what-circ...

[kortilla]

Use https

[lucb1e]

That has nothing to do with an HTTP header. See for yourself:

    $ curl -HX-Forwarded-For:127.0.0.1 https://checkip.amazonaws.com
    127.0.0.1

[thewakalix]

HTTPS encrypts headers, thereby preventing other people from adding headers to your request. Typically people are not adding X-Forwarded-For to their own requests.

[lucb1e]

I'm not arguing either point, I just pointed out that headers are independent of whether you use encryption. But now that I'm thinking about it for a sec, you might want to know what the proxy's exit IP is, and if the proxy adds an XFF Header then you just learn your own IP which wasn't what you wanted. If that is what GGGP meant.

[gruez]

I think the point is to prevent middleboxes (eg. caching proxy servers) from interfering with the request. Otherwise I don't really see the issue with the ip address being affected by X-Forwarded-For. You can just... not specify the header.

[kortilla]

Headers don’t get injected on you unexpectedly if you encrypt.

[epse]

Does that one only do IPv4?

[bombcar]

Seems so. But ipv6 is much more likely that your local address IS your global one though translation still can occur.