HTTP Header Logging
Focus
Focus

HTTP Header Logging

Table of Contents
End-of-Life (EoL)

HTTP Header Logging

Enable HTTP Header Logging in URL Filtering profiles if you want the firewall to log the HTTP header attributes included in web requests.
URL filtering provides visibility and control over web traffic on your network. For improved visibility into web content, you can configure the URL Filtering profile to log HTTP header attributes included in a web request. When a client requests a web page, the HTTP header includes the user agent, referer, and x-forwarded-for fields as attribute-value pairs and forwards them to the web server. When enabled for logging HTTP headers, the firewall logs the following attribute-value pairs in the URL Filtering logs.
You can also use HTTP headers to manage access to SaaS applications. You don’t need a URL Filtering license to do this, but you must use a URL Filtering profile to turn this feature on.
Attribute
Description
User-Agent
The web browser that the user used to access the URL, for example, Internet Explorer. This information is sent in the HTTP request to the server.
The HTTP header does not contain the full string for the User Agent. The maximum logged bytes from the packet preceding the packet containing the header-end is 36 bytes.
Referer
The URL of the web page that linked the user to another web page; it is the source that redirected (referred) the user to the web page that is being requested.
X-Forwarded-For (XFF)
The option in the HTTP request header field that preserves the IP address of the user who requested the web page. If you have a proxy server on your network, the XFF allows you to identify the IP address of the user who requested the content, instead of only recording the proxy server’s IP address as source IP address that requested the web page.
Headers Inserted
The type of header and the text of the header that the firewall inserts.