There is no "full specification" -- it's a de facto standard. The X-
in front of a header name customarily* has denoted it as experimental/non-standard/vendor-specific. Once it's a standard part of HTTP, it'll lose the prefix.
There's some work from the IETF on standardizing it, but it's just at the draft stages, as far as i can tell. Check out https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-http-forwarded-10 for the latest draft as of the time of this writing. But be aware that it can change at any time while it's being fleshed out, and don't rely on it in production stuff yet.
Update:
RFC 7239 now defines the Forwarded:
header, which is intended to replace X-Forwarded-*
. If you care about standards, i would recommend using that instead.
* This used to be an official thing, but no longer is. RFC 6648 deprecates the X-
prefixing convention. Unfortunately, the convention is so widely known (and the deprecation so low-key) that most people outside the IETF will probably ignore the recommendation.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…