To maintain privacy, can I use an anonymized IP address in the X-Forwarded-For (XFF) header field?
Two options for: Policy > Header Modification > Global Rules
The anonymized IP is an IPv6 address that consists of a randomized version of the tenant ID, source IP, and the hour. The anonymized IP will be consistent for that hour and then it will change every hour on the hour. When the "Anonymize IP" address option has been selected, the IP address sent in the XFF header will change to an anonymous IPv6 address, regardless of whether the source IP address is IPv4 or IPv6.
The default option set in the Cloud SWG (formerly known as WSS) portal is to use the original source IP.
To use anonymous IPs in the XFF header:
Note: Some sites might have a problem with the fact that the X-Forwarded-For has an IPv6 address.
If the site returns an HTTP error code such as 403 Forbidden or 400 Bad Request or 500 Internal Server Errors, The following options should be followed to help address the issue.
Documentation: Anonymize Source IP Addresses in the XFF Header
"Anonymizing the XFF header...is an IPv6 address and is changed every hour."
Similar problem (failure due to IPv6 address in the XFF header):
https://knowledge.broadcom.com/external/article?articleId=264580