diff --git a/docs/refguide.xml b/docs/refguide.xml
index c752f65b7..690d5c928 100644
--- a/docs/refguide.xml
+++ b/docs/refguide.xml
@@ -3434,6 +3434,44 @@ work properly.
+
+
+ Relay TCP connections via a chain of
+ proxies.
+
+
+ proxy
+ proxies
+
+
+ Asks Nmap to establish TCP connections via the supplied chain of
+ proxies. Connections are
+ established to the first node of the chain, which is in turn asked to
+ connect to the second one... to eventually reach the target. This
+ technique degrades performance, mostly by introducing latency. It is
+ up to the user to adjust timeouts and other scan parameters
+ accordingly when invoking nmap. Typically, some proxies might refuse
+ to handle as many concurrent connections as nmap's default
+ parallelism.
+
+ The option takes a list of proxies as argument, expressed as
+ URLs like proto://host:port. Use commas to separate
+ node URLs of a chain. No authentication is supported yet. Valid
+ protocols are HTTP and SOCKS4.
+
+
+ Warning: this feature is still under development and has
+ limitations. It is implemented within the nsock library and thus has
+ no effect on the ping, port scanning and OS discovery phases. Only
+ NSE and version scan already benefit from this option. Also, SSL
+ connections are not supported yet, as well as proxy-side DNS
+ resolving (hostnames are always resolved by nmap). In other words,
+ the current implementation does not aim to provide strong
+ anonymity.
+
+
+
(Send packets with bogus TCP/UDP checksums)