To maintain privacy, use an anonymized IP in the X-Forwarded-For (XFF) field.
Cloud SWG (formerly known as WSS)
The anonymized IP is an IPv6 address that consists of a randomized version of the tenant ID, source IP, and the hour. The anonymized IP will be consistent for that hour and then it will change every hour on the hour. When the "Anonymize IP" address option has been selected, the IP address sent in the XFF header will change to an anonymous IPv6 address, regardless of whether the source IP address is IPv4 or IPv6.
The default option set in the Cloud SWG (formerly known as WSS) portal is to use the original source IP.
To use anonymous IPs in the XFF header:
Note: Some sites might have a problem with the fact that the X-Forwarded-For has an IPv6 address.
If the site returns an HTTP error code such as 403 Forbidden or 400 Bad Request, The following options should be followed to help address the issue.