by Avamander 332 days ago
Side note, don't use XFF if you have any option not to. The "Forwarded" header is much nicer.
1 comment

The XFF header is set a lot more commonly, and this gives the app the freedom to be implicitly compatible with a lot more reverse proxy servers than the Forwarded header without needing special configuration.

Moreover, the Forwarded header has all the security pitfalls of the XFF header.
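An added example, not part of either comment above: both headers reduce to the same hop list, so the same right-to-left walk over trusted proxies is needed whichever one the app reads. The trusted ranges, function names and sample header values are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this example: our own reverse proxies live in these ranges.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def xff_hops(value):
    """X-Forwarded-For: a bare comma-separated list, client side first."""
    return [h.strip() for h in value.split(",")]

def _node(val):
    """Reduce an RFC 7239 node ('"[2001:db8::1]:4711"', '192.0.2.1:80') to an address."""
    val = val.strip().strip('"')
    if val.startswith("["):
        return val[1:val.find("]")]
    return val.split(":")[0] if val.count(":") == 1 else val

def forwarded_hops(value):
    """Forwarded: one element per hop; keep only its for= parameter.
    Simplified: assumes no commas or semicolons inside quoted strings."""
    hops = []
    for element in value.split(","):
        params = dict(p.strip().partition("=")[::2] for p in element.split(";"))
        fors = [v for k, v in params.items() if k.lower() == "for"]
        hops.append(_node(fors[0]) if fors else "unknown")
    return hops

def client_ip(peer, hops):
    """Walk from the socket peer leftwards; stop at the first hop we do not run."""
    last_trusted = peer
    for hop in [peer] + hops[::-1]:
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return last_trusted      # obfuscated or garbage entry: go no further
        if not any(addr in net for net in TRUSTED):
            return hop               # first address not vouched for by our proxies
        last_trusted = hop
    return last_trusted

if __name__ == "__main__":
    # Constructed headers: the left-most entry was supplied by the client itself.
    print(client_ip("10.0.0.5", xff_hops("203.0.113.7, 198.51.100.9")))
    print(client_ip("10.0.0.5", forwarded_hops('for=203.0.113.7, for="198.51.100.9:4711"')))
```

Taking the left-most entry of either header would return the client-supplied `203.0.113.7` in both sample cases.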