Share via

APIM | Remove X-Forwarded-For header when forwarding the request to backend (SMS Service Provider)

Sairam Ganji 1 Reputation point
2026-02-13T09:50:50.34+00:00

Hello Team,

We have a similar scenario with a third-party SMS service, where we need to remove the X-Forwarded-For header from the request before it is sent to the SMS provider.

We have already tried:

Deleting the header within the <send-request> policy, and

Removing it while routing via <set-backend-service> / setting the backend URL.

In both cases, the X-Forwarded-For header is still present and is not getting removed.

Could you please confirm whether removing this header is currently supported in APIM (and if yes, the recommended approach)?

Azure API Management
Azure API Management

An Azure service that provides a hybrid, multi-cloud management platform for APIs.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pravallika KV 16,945 Reputation points Microsoft External Staff Moderator
    2026-02-13T10:27:44.4333333+00:00

    Hi @Sairam Ganji ,

    Thanks for reaching out to Microsoft Q&A.

    Currently, it seems that APIM does have some limitations regarding modifying certain headers. Specifically, headers such as X-Forwarded-For may be preserved for various routing scenarios and might not be easily removed using the standard policies you've mentioned.

    You could add a <set-header> policy to explicitly override the X-Forwarded-For header in the inbound policy section. It should look something like this:

    <inbound>
  <set-header name="X-Forwarded-For" exists-action="override">
    <value></value>
  </set-header>
</inbound>

    Ensure that the policy to remove the header is placed before any policies that may be appending or preserving headers, such as the <set-backend-service>. The order of execution is crucial in APIM.

    Use APIM's "Effective Policy" feature to check if there are other policies influencing this behavior. You can calculate the effective policy at the operation level to see if headers are being modified elsewhere.

    Ensure that your backend SMS provider isn't also set to expect X-Forwarded-For headers. Sometimes backend services might override the incoming headers.

    Hope this helps!

    If the resolution was helpful, kindly take a moment to click on 210246-screenshot-2021-12-10-121802.pngand click on Yes for was this answer helpful. And, if you have any further query do let us know.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-02-13T09:51:02.4566667+00:00

    In Azure API Management (APIM), removing the X-Forwarded-For header before forwarding a request to a backend service is not directly supported. The X-Forwarded-For header is typically added by the proxy or gateway to maintain information about the original client request, and there are limitations on modifying certain headers, including those related to forwarding.

    If you need to ensure that this header is not forwarded to the backend, you could consider implementing a workaround by using a custom policy to overwrite the header with an empty value. However, this might not effectively remove the header but could prevent it from carrying any meaningful information.

    To achieve this, you could use a <set-header> policy to set the X-Forwarded-For header to an empty value:

    <set-header name="X-Forwarded-For" exists-action="override">
    <value></value>
</set-header>

    This approach might help in scenarios where you want to neutralize the header's content, but keep in mind that the header itself may still be present in the request sent to the backend service.

    For further details on handling headers in APIM, you may refer to the official documentation.

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.