HTTP headers
This page documents the HTTP headers used by Privacy Proxy for authentication, geolocation, and observability.
Clients include the following headers when connecting to Privacy Proxy.
Authenticates the client to the proxy. Required for all requests.
Pre-shared key format:
Proxy-Authorization: Preshared <key>Privacy Pass token format:
Proxy-Authorization: PrivateToken token=<base64-encoded-token>| Parameter | Description |
|---|---|
<key> | The pre-shared key provided by Cloudflare |
<base64-encoded-token> | A base64-encoded Privacy Pass token |
Specifies the client's geographic location for egress IP selection. Optional but recommended for accurate geolocation.
sec-ch-geohash: <geohash>-<country_code>| Parameter | Description |
|---|---|
<geohash> | A geohash ↗ string (typically 4-8 characters) |
<country_code> | ISO 3166-1 alpha-2 country code |
sec-ch-geohash: u4pruydqqvj-GBThis example specifies a location in the United Kingdom.
Privacy Proxy includes the following headers in responses.
Provides timing information about proxy processing. Use this to measure latency introduced by the proxy.
Server-Timing: proxy;dur=<milliseconds>| Parameter | Description |
|---|---|
<milliseconds> | Processing time in milliseconds |
Server-Timing: proxy;dur=8.2A complete CONNECT request to Privacy Proxy looks like this:
CONNECT example.com:443 HTTP/2Host: example.comProxy-Authorization: Preshared abc123xyzsec-ch-geohash: 9q8yy-USThe proxy responds with a status code indicating success or failure:
| Status | Meaning |
|---|---|
200 OK | Tunnel established successfully |
403 Forbidden | Authentication failed |
502 Bad Gateway | Could not connect to destination |
503 Service Unavailable | Proxy temporarily unavailable |
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2026 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
