X-SigSci-* request headers

Starting with:

  • Agent > 1.8.386
  • NGINX Module > 1.0.0+343
  • Apache Module > 207

X-SigSci- headers are added in the incoming request. The end user (your customers) can not see them. However you internal application can use these headers for various integrations.

Note your module may alter the case (e.g., X-SigSci-AgentResponse vs. X-Sigsci-Agentresponse) that what is listed here.


The agent will return 200 if the request should be allowed, and 406 if the request is blocked.


A request ID used for uniquely identifying this request. May not be present in all requests.


A CSV list of signals associated with this request, for example:

  • SQLI
  • TOR

This list includes custom signals added by rules. See system signals for a full list of default system signals.

Note that IMPOSTOR should not be used at the moment as an indicator of malicious intent. Anything that appears to be a mainstream search engine is tagged with this and the exact identification is done upstream. Improvements in how this is done will be forthcoming.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.