Process Request Headers Added By The Gateway

When a request is sent from a third party through the PCI Booking gateway to you, PCI Booking will add additional headers to the request processed. Some of these headers are designed for internal diagnostics in PCI Booking, some are designed to provide you with additional information and some are added as part of the processing of te request by the PCI Booking internal components.

This guide will help identify and explain each of the headers and what they should be used for.

X-Amzn-Trace-Id: Root=1-5c2a3e7f-534419405f0a9800b1ba9920
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Pcibooking-Tokenization-Warnings: [1005] Card type is missing

Header Name


Should you process this header?


Used for internal diagnostics in PCI Booking.

We recommend keeping the value of this header for logging purposes - however not required.


A list of IP addresses that processed this message - starting from the third party and ending with PCI Booking.
Read more on processing the list of IP addresses

We recommend processing the list of IP addresses - particularly if you perform any type of IP address whitelisting.


The port in which the request was forwarded on. Should always be 443.

You can disregard this header.


Both of these headers should have the same value - the protocol that the requests was forwarded on. Should always be HTTPS.

You can disregard these headers.


Indicates if SSL was enabled for the forwarded. Should always be on.

You can disregard this header.


A list of warnings if there were any issues with the tokenization process.

We strongly recommend that you process this header and set up a workflow to address these warnings.


The IP address used to send the request. Usually this would be the PCI Booking address as it was the las server to process the request before it was sent to you.

We recommend using the X-Forwarded-For header as it contains more information - in which case, you can disregard this header.


The card token(s) will be listed in this header in a semi-colon separated list.

We recommend processing this header and allowing for situations where there are multiple tokens listed (in case there are multiple cards in the request).