Skip to main content
Explainer · networking

What is a proxy server?

A proxy server is an intermediary that makes requests on your behalf — a relay that sits between one side of a connection and the other. The single most useful idea to hold onto is that proxies come in two mirror-image flavours: one that stands in front of clients, and one that stands in front of servers. Get that distinction and the rest falls into place.

The one-sentence definition

A proxy server is a machine that makes network requests on behalf of something else and relays the responses back. Instead of your computer talking directly to a website, it hands the request to the proxy, the proxy fetches the page, and the proxy passes the result back to you. From the website's point of view, the request came from the proxy, not from you. That indirection is the whole point: a proxy inserts a controllable, observable middle step into a conversation that would otherwise be direct.

Because it sits in the middle, a proxy can do useful things to the traffic passing through — hide the real endpoints, cache repeated requests, filter content, balance load, or terminate encryption. Which of those it does depends almost entirely on which end of the connection it is protecting, which is the distinction we turn to next.

Forward proxy vs reverse proxy — the core distinction

Almost everything confusing about proxies dissolves once you separate these two. They use the same relay mechanism but point in opposite directions and serve opposite owners.

A forward proxy represents the client

A forward proxy sits on the client side of the internet. Your devices are configured to send their outbound traffic to it, and it forwards that traffic on to whatever destinations they asked for. The destination server sees the proxy's address, not the client's — so a forward proxy can hide the client's IP address from the sites it visits.

Forward proxies are the classic corporate and privacy tool. Typical jobs:

A reverse proxy represents the server

A reverse proxy sits on the server side. It accepts inbound requests from the internet and forwards them to one or more backend servers hidden behind it. The client thinks it is talking to a single server; in reality the reverse proxy is fronting a whole fleet. Where a forward proxy hides the client, a reverse proxy hides the origin servers.

This is how a huge fraction of the modern web is served. Typical jobs:

Nginx and HAProxy are common self-hosted reverse proxies; Cloudflare is a widely used reverse proxy delivered as a service. If you have ever seen a site “protected by Cloudflare,” you have met a reverse proxy — it stands in front of the real origin, absorbing traffic and hiding the server's true address.

Proxy types by protocol

Forward proxies are often described by the protocol they speak, because that determines what they can and cannot do to your traffic.

Transparent, anonymous, and elite proxies

Forward proxies are also graded by how much they reveal about the client and about themselves. The differences come down to which HTTP headers, such as X-Forwarded-For, they add or strip.

You can see part of this picture from the receiving end. Our what websites see page shows the headers and address a server actually receives from you, which is exactly the information a proxy adds, strips, or rewrites.

What a proxy does — and does not — do

This is where proxies are most often misunderstood, usually by comparison to a VPN. The honest summary is that a plain proxy is narrower and less protective than people assume.

None of this makes proxies bad; it makes them specific. If you want the full comparison of when to reach for a proxy, a VPN, or Tor, see VPN vs proxy vs Tor, and for how a tunnel protects a whole device, see what is a VPN.

Legitimate uses for proxies

Proxies have a slightly shady reputation, but the overwhelming majority of proxy traffic is mundane infrastructure. Common legitimate uses:

Try it now

Load the IPFerret home page normally, then configure a proxy in your browser and reload. If the reported address changes to the proxy's, you are watching a forward proxy stand in for you — the site now sees the relay instead of your real connection. Check what websites see to inspect exactly which headers and address the proxy is presenting on your behalf.

Frequently asked questions

What is the difference between a forward proxy and a reverse proxy?

A forward proxy sits in front of clients and makes outbound requests on their behalf, hiding the client's IP and enabling filtering and caching. A reverse proxy sits in front of servers and accepts inbound requests on their behalf, hiding the origin and enabling load balancing, caching, TLS termination, and a WAF. Same relay concept, opposite ends: a forward proxy represents the client, a reverse proxy represents the server.

Does a proxy server encrypt my traffic like a VPN?

Usually not. A plain HTTP proxy relays traffic without adding encryption of its own, and it is application-scoped rather than device-wide. The proxy operator can often see and modify unencrypted traffic passing through it. HTTPS to the destination still protects the payload, but the proxy remains a point of trust. If you need confidentiality across the whole device, use a VPN or an encrypted tunnel rather than a bare proxy.

What is a SOCKS5 proxy and how is it different from an HTTP proxy?

An HTTP proxy understands the HTTP protocol, can cache and filter web requests, and tunnels HTTPS through the CONNECT method. A SOCKS5 proxy works lower down, forwarding raw TCP and UDP connections without caring what runs inside. That makes SOCKS5 more general purpose — it can carry email, game traffic, or peer-to-peer — but it does not cache or filter at the application layer the way an HTTP proxy can.

Related reading