That confirms what I suspected. I was wondering about putting that into the header much in the same way X-Forwarded-For does it, sounds like a possibility. Authentication is what we're doing now, and for this particular app it takes three separate nearly-consecutive logins to get in (involving hand-offs between departments when troubleshooting). It's ugly, and I would ultimately like a simpler experience for the user (which would also simplify support). I was brainstorming about IP/MAC restrictions, but that may not be the right way to go. Thanks for your help.