Use this reference page for details about what HTTP headers are supported . To understand how App Engine receives requests and sends responses, see How Requests Are Handled.
An incoming HTTP request includes the HTTP headers sent by the client. For security purposes, some headers are sanitized or amended by intermediate proxies before they reach the application.
Headers that match the following pattern are removed from the request:
In addition, some selected headers that match the following pattern are removed from the request:
App Engine-specific headers
As a service to the app, App Engine adds the following headers to all requests:
Via: "1.1 google"
- Country from which the request originated, as an ISO 3166-1
alpha-2 country code. App
Engine determines this code from the client's IP address. Note that the country
information is not derived from the WHOIS database; it's possible that an IP
address with country information in the WHOIS database will not have country
information in the
X-AppEngine-Countryheader. Your application should handle the special country code
- Name of region from which the request originated. This value only makes
sense in the context of the country in
X -AppEngine-Country. For example, if the country is "US" and the region is "ca", that "ca" means "California", not Canada. The complete list of valid region values is found in the ISO-3166-2 standard.
- Name of the city from which the request originated. For example, a request
from the city of Mountain View might have the header value
mountain view. There is no canonical list of valid values for this header.
- Latitude and longitude of the city from which the request originated. This string might look like "37.386051,-122.083851" for a request from Mountain View.
X-Forwarded-For: [CLIENT_IP(s)], [global forwarding rule IP]
A comma-delimited list of IP addresses through which the client request has been routed. The first IP in this list is generally the IP of the client that created the request. The subsequent IPs provide information about proxy servers that also handled the request before it reached the application server. For example:
X-Forwarded-For: clientIp, proxy1Ip, proxy2Ip
X-Forwarded-Proto [http | https]
httpsbased on the protocol the client used to connect to your application.
The Google Cloud Load Balancer terminates all
https connections, and then
forwards traffic to App Engine instances over
http. For example, if a user
requests access to your site via
https://[MY-PROJECT-ID].appspot.com, the X-
Forwarded-Proto header value is