Geolocation
Privacy Proxy preserves user geolocation without exposing real IP addresses. This ensures location-based services work correctly while maintaining privacy.
Many online services use IP addresses to determine user location:
- Search engines return locally relevant results.
- Content providers enforce regional licensing restrictions.
- E-commerce sites show local pricing and shipping options.
- News sites display region-specific content.
Traditional VPNs and proxies often break these services because traffic exits from data centers far from the user's actual location. Privacy Proxy solves this by selecting egress IP addresses that match the user's geographic region.
Privacy Proxy uses geohashes to preserve location without revealing precise coordinates.
A geohash ↗ is a compact representation of latitude and longitude. Geohashes use a hierarchical encoding where longer strings represent more precise locations:
| Geohash length | Approximate area |
|---|---|
| 1 character | ~5,000 km |
| 2 characters | ~1,250 km |
| 3 characters | ~150 km |
| 4 characters | ~40 km |
| 5 characters | ~5 km |
Privacy Proxy uses reduced-precision geohashes (typically four to five characters) to locate users to a city or region without pinpointing their exact location.
When a client connects to Privacy Proxy:
- The client (or first-hop proxy in double-hop deployments) determines the user's approximate location.
- The client sends a geohash in the
sec-ch-geohashheader. - Privacy Proxy validates the geohash and selects an egress IP address from a pool registered to that geographic area.
- Destination servers see the egress IP and geolocate the user to the correct region.
The sec-ch-geohash header includes the geohash and country code:
sec-ch-geohash: xn76c-JPThe format is <geohash>-<country_code>. The country code helps resolve edge cases where geohashes span country borders.
Cloudflare maintains egress IP pools in hundreds of cities worldwide. When you register egress IPs with geolocation databases, they map to specific locations.
Privacy Proxy achieves:
- City-level accuracy by default, so users get locally relevant search results.
- Country-level accuracy as a fallback if city-level is not available.
Users can opt for coarser geolocation (country and timezone only) if they prefer less precise location sharing.
A simple way to verify geolocation accuracy is to search for "pizza near me" through the proxy. If results show pizza places in the user's actual city rather than a distant data center, geolocation is working correctly.
Privacy Proxy achieves better geolocation precision over IPv6. If your origin servers support IPv6 (AAAA DNS records), the proxy prefers IPv6 egress addresses, which are registered with greater geographic precision than IPv4 equivalents.
To maximize geolocation accuracy for your users, ensure your services are reachable over IPv6.
In double-hop deployments, Proxy A (which you operate) is responsible for determining and forwarding the geohash:
- Proxy A geolocates the client's IP address.
- Proxy A converts the location to a geohash with appropriate precision.
- Proxy A includes the geohash in the forwarded CONNECT request to Proxy B.
- Proxy B (Cloudflare) selects an egress IP based on the geohash.
The geohash is cryptographically protected to prevent clients from spoofing their location.
- Geo-egress: Improving WARP user experience on a larger network ↗ - How Cloudflare implements geolocation-aware egress.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2026 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
