[Personalization] UserHostAddress should be populated from X-Forwarded-For header if available

Fixed in

EPiServer.Commerce 13.25.0


Sep 14, 2020


Oct 21, 2020


Closed, Fixed and tested


The default behavior when tracking is to use Request.UserHostAddress inside the tracking data. This value does not correctly identify the client's IP address if the traffic between client and server passes thru any proxies.

We should prefer to pick the client's IP from the X-Forwarded-For request header, if available. The SkipUserHostTracking config setting should still be respected.