I’m observing the same thing as described in an older issue:
The documentation in https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers- doesn’t reflect what I am observing. The documentation says:
If an X-Forwarded-For header was already present in the request to Cloudflare, Cloudflare appends the IP address of the HTTP proxy to the header:
The example goes on and lists the origin IP of the client as the first item in the X-Forwarded-For string (separated by commas). On my server, I’m observing that if the client provides an X-Forwarded-For header, the contents of that header will be the first item, not the origin IP.
Is the documentation wrong?