You want to enable the HTTP header, x-forwarded-for, for only specific users/IPs or specific websites.

The x-forwarded-for HTTP header can be added to all traffic that traverses a ProxySG appliance globally by running the following from the CLI:

ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)http add-header x-forwarded-for
  ok
ProxySG#(config)exit

However, sometimes you may just need the header enabled for specific sites or specific users.

 

You can add the x-forwarded-for HTTP header via policy by using the specific triggers (source, destination address, etc). The below example provides the steps to configure an action object via the Visual Policy Manager, (VPM):

1. In a Web Access Layer, create a new rule.
2. Set the source and/or destination for this new rule to specify the objects that you wish to trigger this rule.
3. Right-click the Action column in the new rule, click Set, New, Control Request Header. 
4. In the header name field, type x-forwarded-for
5. Set the value to $(client.address). 
6. Click Ok.

Note:  This will append an x-forwarded-for header containing the client's original IP address, but only to HTTP requests that match the source and/or destination of the rule you created.