Detect proxy server Address
A proxy will by default tell the destination the IP address of the original requester by adding a X-Forwarded-For HTTP header to the original HTTP request. This make it obviously easy for the server, not only to know that you are using a proxy, but also to know your actual IP address, effectively dropping your anonymity.
Then you have what is called an anonymous proxy or anonymizer. It is the very same software, however this time the proxy server has been configured in order to not add this header. The request therefore appears as originating from the proxy server itself, your own IP does not appear anywhere, thus preserving your anonymity.
However, while your anonymity remains preserved, i.e. the remote site cannot know your actual IP address, it can still determine that you are using a proxy:
- There are list of proxy servers available around the net. If a server sees an incoming request originating from an IP address belonging to such lists, then he knows nearly for sure that this request went through a proxy.
- Moreover, while the remote server does not know your IP which has been masqueraded by the proxy, all other headers composing your request generally remain untouched. These headers contains a lot of information, like your browser type and version, and the OS you are using.
If a server receives a lot of requests coming from the very same IP address, but showing each time different browsers and OSes, the chances that this IP address is a proxy are rather high. However the server will have no definitive way to tell whether it is an open poxy, that is to say a proxy usable by anyone for instance in order to remain anonymous, or a legitimate private proxy, like you could find in any corporate environment.
There could still be some more advanced checking to be done on server-side like issuing a reverse lookup to get the DNS name associated to this source IP address to check if it corresponds to some well-known proxy services providers, but these may be heavier to put in place and be more error-prone than the X-Forwarded-For header or the known proxies IP lists. You can find some more techniques on this interesting answer.