jdMorgan - 12:34 am on Oct 27, 2010 (gmt 0)
Via and X-Forwarded-For the ones most often received on my servers. Via most often, often with X-Forwarded-For, rarely with Forwarded, and even more rarely with any of the other proxy-related headers.
However, I only log all these headers when responding with a 403-Forbidden, and that may well skew my view of how common each of these headers may be in "acceptable" requests.
To be clear, I do not block requests solely because a proxy is being used. I may block that proxy's IP address range, I may block because *any* of the HTTP request headers are malformed, missing, or inappropriate to the request being made, but not simply because a proxy is in use.
Again, since I only log these proxy headers for rejected requests, take care in interpreting my data...