A companion filter to X-Forwarded-For that propagated the authenticated username through multi-hop proxy chains for visibility at every point.
X-Username addressed a specific enterprise problem: when multiple proxy servers were chained together, the username could typically only be logged at the point of authentication. X-Username for TMG, ISA Server and IIS enabled the username to be tracked at any point in the proxy chain.
This was particularly useful for log analysis when branch offices connected to the Internet via a head office proxy server, and when username attribution was required on a web server for accurate reporting and analysis.
Outbound from TMG/ISA: X-Username added an X-Username field to the HTTP header of web requests leaving the proxy server. The new field contained the username of the user who authenticated the connection from their web browser.
Inbound into TMG/ISA: If the server received a request containing the X-Username field, the filter logged the value as the username instead of the connection account (typically anonymous) of the requesting proxy server. Any proxy-to-proxy authentication was preserved in the Filter Information field.
If the server was the last proxy in a forward proxy chain, the header was removed by default for security. In a reverse proxy scenario the header was forwarded to the published web server for processing.