I see various spellings of the non-RFC "XFF" HTTP header used for identifying the IP addresses the request has been forwarded through. Is there a difference between these different header names: X-FORWARDED-FOR, X_FORWARDED_FOR, and HTTP_X_FORWARDED_FOR? Do I need to look for all three?

PS - Yes, I know this header can be easily spoofed :)

+1  A: 

The HTTP_ prefix is used by some languages like PHP simply to distinguish HTTP headers from other server variables:

$_SERVER['HTTP_X_FORWARDED_FOR']

The HTTP header name is actually

X-Forwarded-For

The header name itself is case insensitive. However, when you want to query a request header, programming languages are largely case sensitive about it (again, PHP is one of them).

The X- indicates that the Forwarded-For header is non-standard. I don't think there's a difference whether a language uses dashes or underscores to refer to header names.

Essentially, they're all the same header, just referred to differently by various implementations.

BoltClock
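
The name mapping described in the answer, as an added example that is not part of the original question or answer. It follows the CGI convention (RFC 3875) that PHP's $_SERVER and Python's WSGI environ both use; the function names and the sample headers are constructed for illustration.

```python
# Added example: CGI-style header name mapping (RFC 3875), the convention
# behind PHP's $_SERVER['HTTP_...'] keys and Python's WSGI environ.
# Function names and sample data are assumptions made for this example.
from collections import defaultdict


def cgi_key(wire_name: str) -> str:
    """Map an HTTP header name to its CGI meta-variable name."""
    return "HTTP_" + wire_name.upper().replace("-", "_")


def lookup(headers, wire_name):
    """Case-insensitive lookup over (name, value) pairs, as HTTP requires."""
    wanted = wire_name.lower()
    return [value for name, value in headers if name.lower() == wanted]


def ambiguous_keys(headers):
    """Return CGI keys that more than one distinct wire name maps to.

    Dash and underscore spellings collapse to the same key, so after the
    mapping the application cannot tell which header a value came from.
    """
    seen = defaultdict(set)
    for name, _ in headers:
        seen[cgi_key(name)].add(name.lower())
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


# Constructed request headers as (name, value) pairs, before any mapping.
SAMPLE = [
    ("Host", "example.test"),
    ("x-forwarded-for", "203.0.113.7"),
    ("X_Forwarded_For", "198.51.100.9"),
]

if __name__ == "__main__":
    print(cgi_key("X-Forwarded-For"))
    print(lookup(SAMPLE, "X-FORWARDED-FOR"))
    print(ambiguous_keys(SAMPLE))
```

A non-empty result from ambiguous_keys is worth logging or rejecting at the edge, since the dash spelling is the one a forwarding proxy sets.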