This option is very dangerous to use on an EZproxy server that is not installed within a protected environment. Outside a protected environment, any remote user could insert this header in an attempt to mislead the EZproxy server regarding the user’s true remote address. Such misdirection could override security features including intruder detection by IP address and access control based on remote IP address.
This option should not be confused with Option X-Forwarded-For which performs a very different function.
OptionAcceptX-Forwarded-For is a non-repeatable position-independent config.txt directive.
Permit the forwarding of X-Forwarded-For headers into EZproxy.