HTTP_CF_CONNECTING_IP header delivers IPv6 for macOS/iOS users since yesterday

I don’t know why, but since yesterday the HTTP_CF_CONNECTING_IP header contains an IPv6 address in some cases. I don’t know what’s happened, but it looks like it has something to do with Cloudflare and Apple’s Safari on macOS/iOS.

Some more details

  • First time of occurrence: Friday, 27. May 2022 03:00:05 (GMT)
  • Only some (not all) Safari macOS/iOS user agents are affected
  • IPv6 is disabled for my zone
  • There does not exist any AAAA-Record for my domain
  • My server does not handle/accept IPv6 requests
  • 49 occurrences since yesterday till now
  • Around 2000 unique visitors each day are visiting my website

In comparison to the visitors the issue happens very rarely. Something has changed yesterday on Cloudflare’s end which interacts with newer macOS/iOS devices and the Safari web browser.
I’m on the free plan and not able to create a support ticket. But this is something I can’t fix. Also this could affect other users without their knowledge.

Some affected user agents (lowest to highest version):

Mozilla/5.0 (iPhone; CPU iPhone OS 15_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/102.0.5005.67 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15

I hope this issue is read and can be handled by the Cloudflare tech team. I’m pretty sure it’s a general issue.
Thanks for reading.

Hi, we are having the same issues with IPv6 in HTTP_CF_CONNECTING_IP with IPv6 disabled for the zone. It started about the 27th of May.
As a temp workaround we enabled Pseudo IPv4 Overwrite Headers (


Thanks for your reply. Are the pseudo IPv4 headers dedicated to the specific user or are they shared between multiple users?

I don’t understand why only Safari browsers are affected. It seems to be a bug on Cloudflare’s side?

‘Pseudo IPv4 headers’ does a mapping between an IPv6 address and a Class E IPv4 address.
So after enabling it, you could see something like in HTTP_CF_CONNECTING_IP.
It’s not a random mapping. So for a constant IPv6 there is a constant IPv4 mapping from range.

I don’t know either how IPv6 IPs reach CF in the first place.


Can you share a domain name?

Purely to satisfy my own curiosity, why did you want to disable IPv6?

Due to privacy reasons I can’t share any information in public.
The software used on the server only supports IPv4 at the moment.

The same. Due to privacy reasons I can’t share any information in public.

I am considering the possibility that these users are connected to Cloudflare WARP.

WARP is a VPN that connects users directly to Cloudflare’s Edge. This will provide IPv4 connectivity for IPv6-only clients and vice versa. Cloudflare will restore the original IP of these users - this could be an IPv6 address.

Not sure how to determine if this is the case. I also don’t think there’s a way to block WARP users even if you wanted - not that I think you should.

Thanks for your response @albert. I agree, that could be the issue. Thanks for pointing that out!

But why has it started suddenly on May 27? As far as I understand the service, the client has to install the WARP app or configure the usage manually. Also WARP is not a new service. Maybe a Safari or OS update? Still only iOS/macOS agents are affected.
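
For IPv4-only server software like that mentioned in this thread, one way to handle an `HTTP_CF_CONNECTING_IP` value that may be plain IPv4, a Class E Pseudo IPv4 address, or IPv6. This is an added example, not part of the original thread; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Class E (240.0.0.0/4): the range the thread says Pseudo IPv4 maps IPv6 clients into.
CLASS_E = ipaddress.ip_network("240.0.0.0/4")


def classify_client_ip(environ):
    """Return (kind, address) for the CF-Connecting-IP value in a CGI/WSGI environ.

    kind is one of "ipv4", "pseudo_ipv4", "ipv6", "invalid", "missing".
    address is the canonical string form, or None when the value is unusable.
    """
    raw = environ.get("HTTP_CF_CONNECTING_IP")
    if raw is None or not raw.strip():
        return ("missing", None)
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        # Never pass an unparsed header value on to logs, ACLs or queries.
        return ("invalid", None)
    if addr.version == 6:
        if addr.ipv4_mapped is None:
            return ("ipv6", addr.compressed)
        # IPv4-mapped IPv6 (::ffff:a.b.c.d) carries a plain IPv4 address.
        addr = addr.ipv4_mapped
    if addr in CLASS_E:
        # Not a routable client address: do not geolocate or blocklist it as one.
        return ("pseudo_ipv4", str(addr))
    return ("ipv4", str(addr))


def ipv4_int_or_none(environ):
    """32-bit integer for an IPv4-only storage column, or None if no IPv4 form exists."""
    kind, addr = classify_client_ip(environ)
    if kind in ("ipv4", "pseudo_ipv4"):
        return int(ipaddress.IPv4Address(addr))
    return None


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not taken from the thread.
    for value in ["203.0.113.7", "2001:db8::1", "240.16.0.1", "not-an-ip"]:
        env = {"HTTP_CF_CONNECTING_IP": value}
        print(value, classify_client_ip(env), ipv4_int_or_none(env))
```
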
