Which HTTP headers should be skipped after going though a proxy?

Question

I have a PHP proxy which receives a HTTP request and changes one of the headers of the HTTP request. Once the HTTP request leaves the proxy, most of the headers should be propagated from the original request (the one received by the proxy) together with the body of the request.

This is how I do the propagation in my code:

foreach (getallheaders() as $name => $value) {
        if (($name != "Server") || ($name != "Connection") ||
                ($name != "Host") || ($name != "Cache-Control") ||
                ($header != "Content-Length")) {
            array_push($headers, "$name: $value");
        }
    }
//this is where I set the headers of the new request
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

My question: Have I covered all the headers that are not supposed to be propagated in the new request? If not, which headers should I not propagate?

Thank you in advance.

Answer 1

According to RFC 2616,

The following HTTP/1.1 headers are hop-by-hop headers:

- Connection
- Keep-Alive
- Proxy-Authenticate
- Proxy-Authorization
- TE
- Trailers
- Transfer-Encoding
- Upgrade

All other headers defined by HTTP/1.1 are end-to-end headers.

So, the list of skipped headers in your code look like significantly differt to the proposed list. For example, neither Server, nor Host, nor Cache-Control, nor Content-Length seems appropriate for removal.

Also, bear in mind that proxies can be transparent or not, by design. Depending from this you may consider preserving as many headers as possible.