You want to enable the HTTP header, x-forwarded-for, for only specific users/IPs or specific websites.
The x-forwarded-for HTTP header can be added to all traffic that traverses a ProxySG appliance globally by running the following from the CLI:
Enter configuration commands, one per line. End with CTRL-Z.
ProxySG#(config)http add-header x-forwarded-for
However, sometimes you may just need the header enabled for specific sites or specific users.
You can add the x-forwarded-for HTTP header via policy by using the specific triggers (source, destination address, etc). The below example provides the steps to configure an action object via the Visual Policy Manager, (VPM):
Note: This will append an x-forwarded-for header containing the client's original IP address, but only to HTTP requests that match the source and/or destination of the rule you created.