Max-Forwards
Request header General

Overview

Max-Forwards limits the maximum number of proxy/gateway hops a request may traverse before reaching the final server. It is defined only for the TRACE and OPTIONS methods.

The value is a non-negative integer of remaining forwards allowed, decremented by 1 at each intermediary (e.g. `Max-Forwards: 5`).

Details

On receiving Max-Forwards, each proxy decrements it by 1 and forwards to the next hop. When it reaches 0, that proxy stops forwarding and responds itself as the final recipient. This hop-counting is analogous to IP's TTL and is used to break infinite forwarding loops and probe the path.

Combined with TRACE it becomes a diagnostic tool: a TRACE request echoes back how each proxy along the path mutates the request, and Max-Forwards lets you cap 'up to which hop' to inspect the path to a specific point. With OPTIONS you can query which methods the proxy at a given hop supports.

For practice and security, the TRACE method itself can be abused via Cross-Site Tracing (XST) to reflect cookies and auth headers, so many environments disable it — which makes Max-Forwards rarely used in the field. For methods other than TRACE/OPTIONS the header is ignored.

Syntax

Max-Forwards: <integer>

e.g. Max-Forwards: 5

Notes

Related headers

Specification