search close

X-SigSci-* Request Headers

access_time Updated Jan 11, 2022

Starting with:

  • Agent > 1.8.386
  • NGINX Module > 1.0.0+343
  • Apache Module > 207

X-SigSci- headers are added in the incoming request. The end user (your customers) can not see them. However you internal application can use these headers for various integrations.

Note your module may alter the case (i.e.g X-SigSci-AgentResponse vs. X-Sigsci-Agentresponse) that what is listed here.


The agent will return 200 if the request should be allowed, and 406 if the request is blocked.


A request ID used for uniquely identifying this request. May not be present in all requests.


A CSV list of signals associated with this request, for example:

  • SQLI
  • TOR

See system signals for a full list of signals.

Note that IMPOSTOR should not be used at the moment as an indicator of malicious intent. Anything that appears to be a mainstream search engine is tagged with this and the exact identification is done upstream. Improvements in how this is done will be forthcoming.