X-SigSci-* request headers
Last updated 2023-10-02
X-SigSci- headers are added to incoming requests. The end user (your customers) can't see them. However, your internal application can use these headers for various integrations.
If you are using the module-agent deployment method, your deployment module may alter the case of header names (e.g.,
X-SigSci-AgentResponse may appear as
The following are
X-SigSci-AgentResponse: a code that indicates the Signal Sciences agent's decision to allow or block a request to your web application. The 200 agent response code indicates the request should be allowed, and agent response codes greater than or equal to 301 indicate the request should be blocked. For more information, check out our About agent response codes guide.
X-SigSci-RequestID: a request ID used to uniquely identify a request. Not all requests will be assigned an ID.
X-SigSci-Tags: a CSV string of comma-separated signals that are associated with a request. The header includes both system and custom signals (e.g.,
SQLI, XSS, NOUA, TOR, SITE.CUSTOM-SIGNAL).
Do not use the
IMPOSTORsignal as an indicator of malicious intent. Anything that appears to be a mainstream search engine is tagged with this signal and the exact identification is done upstream.