Replace header "X-Forwarded-For" to standard header "Forwarded" #254

Closed
virgil opened this issue Aug 25, 2015 · 2 comments


@virgil
Contributor

virgil commented Aug 25, 2015

See: https://en.wikipedia.org/wiki/X-Forwarded-For#.22Forwarded.22_Header

@evilaliv3
Contributor

@virgil I do not think it will be a good idea to REPLACE, but we will simply "EVALUATE BOTH".

Let me clarify why and how we are using the x-forwarded-for, as it is used in various ways and for various reasons:

  1. tor2web makes use of the x-forwarded-for to recognize the user IP and detect if the user is coming from Tor
  2. tor2web deletes the x-forwarded-for header from the request in order to remove the IP of the admin; keep in mind that this can break some apps, but it's important for us to try to protect the privacy of the user.

In relation to both 1) and 2) we should evaluate the implementation of the new "Forward" header checks and eventually decide the priority order for 1) among the de facto standard and the new standard.

I'm wondering if in relation to the privacy concern (point 2) we should always stript the IP removal by at least replacing always the IP address that we recognize for the user with "" in every header/upstream content; what do you think @fpietrosanti / @vecna / @hellais in relation to the globaleaks project?

@virgil
Contributor Author

virgil commented Jul 3, 2016

Obviously don't include the for=; it's an optional parameter. Just use the "proto" and "host".

And voila. A standards as well as privacy compliant version of X-forwarded-for
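The header handling discussed in this thread, as an added example that is not Tor2web's own code: read the client address from both `X-Forwarded-For` and `Forwarded`, then send upstream only a `Forwarded` header with `proto` and `host`. The function names, the sample headers and the host name are assumptions; dropping any inbound `Forwarded` header outright is also an assumption of this sketch.

```python
import re

# Removed before the request goes upstream: each can carry the client address or port.
STRIP = {"x-forwarded-for", "x-forwarded-port", "forwarded"}
# name=value pairs of a Forwarded header; a value is a quoted-string or a bare token.
PAIR = re.compile(r'''(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^;,\s"]*))''')
HOST_OK = re.compile(r"[A-Za-z0-9.\-]+(:\d{1,5})?")

def claimed_client_addrs(headers):
    """Evaluate both headers: every client address they claim, in header order.
    The values are only trustworthy if a front-end we control set them."""
    addrs = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            addrs += [a.strip() for a in value.split(",") if a.strip()]
        elif name.lower() == "forwarded":
            for key, quoted, bare in PAIR.findall(value):
                addr = re.sub(r"\\(.)", r"\1", quoted) or bare
                if key.lower() == "for" and addr:
                    addrs.append(addr)
    return addrs

def build_forwarded(proto, host):
    """Forwarded value with proto and host only (no for=, no by=)."""
    # fullmatch rejects CR/LF and anything else that could inject a header.
    if proto not in ("http", "https") or not HOST_OK.fullmatch(host):
        raise ValueError("refusing to emit unvalidated proto/host")
    # ':' is not a token character, so a host with a port must be quoted.
    return "proto=%s;host=%s" % (proto, '"%s"' % host if ":" in host else host)

def upstream_headers(headers, proto, host):
    """Drop the client-identifying headers, then add the privacy-preserving one."""
    kept = [(n, v) for n, v in headers if n.lower() not in STRIP]
    kept.append(("Forwarded", build_forwarded(proto, host)))
    return kept

# Constructed sample request headers (documentation addresses, hypothetical host).
SAMPLE = [
    ("Host", "example.tor2web.test"),
    ("X-Forwarded-For", "198.51.100.7, 203.0.113.9"),
    ("X-Forwarded-Port", "443"),
    ("Forwarded", 'for=192.0.2.60;proto=https, for="[2001:db8::17]:4711"'),
    ("Accept", "*/*"),
]

if __name__ == "__main__":
    print(claimed_client_addrs(SAMPLE))
    print(upstream_headers(SAMPLE, "https", "example.tor2web.test"))
```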

virgil added a commit to virgil/Tor2web that referenced this issue Jul 9, 2016
tor2web#254

Replacing `X-forwarded-for` and `X-forwarded-port` with `Forwarded`.
virgil closed this as completed Jul 9, 2016