Process Request Headers Added By The Gateway

When a request is sent from a third party through the PCI Booking gateway to you, PCI Booking will add additional headers to the request processed. Some of these headers are designed for internal diagnostics in PCI Booking, some are designed to provide you with additional information and some are added as part of the processing of te request by the PCI Booking internal components.

This guide will help identify and explain each of the headers and what they should be used for.

X-Amzn-Trace-Id: Root=1-5c2a3e7f-534419405f0a9800b1ba9920
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Pcibooking-Tokenization-Warnings: [1005] Card type is missing
Header NameDescriptionShould you process this header?
X-Amzn-Trace-IdUsed for internal diagnostics in PCI Booking.We recommend keeping the value of this header for logging purposes - however not required.
X-Forwarded-ForA list of IP addresses that processed this message - starting from the third party and ending with PCI Booking.
Read more on processing the list of IP addresses
We recommend processing the list of IP addresses - particularly if you perform any type of IP address whitelisting.
X-Forwarded-PortThe port in which the request was forwarded on. Should always be 443.You can disregard this header.
Both of these headers should have the same value - the protocol that the requests was forwarded on. Should always be HTTPS.You can disregard these headers.
X-Forwarded-SslIndicates if SSL was enabled for the forwarded. Should always be on.You can disregard this header.
X-Pcibooking-Tokenization-WarningsA list of warnings if there were any issues with the tokenization process.We strongly recommend that you process this header and set up a workflow to address these warnings.
X-Real-IpThe IP address used to send the request. Usually this would be the PCI Booking address as it was the las server to process the request before it was sent to you.We recommend using the X-Forwarded-For header as it contains more information - in which case, you can disregard this header.
X-TokenThe card token(s) will be listed in this header in a semi-colon separated list.We recommend processing this header and allowing for situations where there are multiple tokens listed (in case there are multiple cards in the request).