Hacker News
by thayne 53 days ago
The untrusted header problem could potentially be fixed by having the reverse proxy embed all the trusted information in a specific header, and then it just has to make sure that one header is stripped from the request. Unfortunately, there isn't (yet) a standard for that.

Or you could use something like haproxy's proxy protocol (although that may not support all the information you want, and doesn't work for multiplexing).

Edit: actually the "Forwarded" header kind of fills that niche. Although you may want extensions for things like the client certificate.

2 comments

FastCGI has "parameters" and HTTP headers are special parameters starting with "HTTP_" (mimicking CGI's environment variables). All parameters not starting with "HTTP_" can be trusted because only the web server (= FastCGI client) can construct them.
Unfortunately, it appeared too late, and the relevant support is now far less complete than that for `X-Forwarded-*`.
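
An added example, not code from the thread or from any proxy project, of the strip-then-set handling of `Forwarded` and `X-Forwarded-*` discussed above. It assumes a single trusted reverse proxy directly in front of the backend; the function names, the header-list representation and the sample request are constructed for illustration.

```python
import ipaddress

# Header names (lower-cased prefixes) through which a client could inject
# forwarding claims: the standard Forwarded header and the X-Forwarded-* family.
UNTRUSTED_PREFIXES = ("forwarded", "x-forwarded-")

def forwarded_node(ip):
    """Format an address as an RFC 7239 node; IPv6 is bracketed and quoted."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return f'"[{addr}]"' if addr.version == 6 else str(addr)

def sanitize(headers, peer_ip, proto):
    """Proxy side: drop client-supplied forwarding headers, then add our own
    Forwarded header built only from what the proxy observed on the socket."""
    kept = [(k, v) for k, v in headers
            if not k.lower().startswith(UNTRUSTED_PREFIXES)]
    kept.append(("Forwarded", f"for={forwarded_node(peer_ip)};proto={proto}"))
    return kept

def client_from_forwarded(headers):
    """Backend side: accept exactly one Forwarded header holding one element,
    which is all a single stripping proxy should ever produce."""
    values = [v for k, v in headers if k.lower() == "forwarded"]
    if len(values) != 1 or "," in values[0]:
        raise ValueError("expected a single Forwarded element from the proxy")
    params = {}
    for pair in values[0].split(";"):
        name, _, value = pair.strip().partition("=")
        params[name.lower()] = value.strip('"')
    return params["for"].strip("[]"), params.get("proto")

# Constructed sample: a client trying to claim a different address
# through both header styles, with mixed-case header names.
SAMPLE = [
    ("Host", "app.example"),
    ("Forwarded", "for=127.0.0.1"),
    ("X-Forwarded-For", "10.0.0.1"),
    ("x-forwarded-proto", "https"),
]

if __name__ == "__main__":
    clean = sanitize(SAMPLE, "203.0.113.7", "http")
    print(clean)
    print(client_from_forwarded(clean))
```

The backend check alone cannot tell a spoofed single `Forwarded` value from a genuine one, so the guarantee comes from the proxy stripping inbound copies and from the backend being reachable only through that proxy.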