> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Gateway Request Headers

> HTTP headers PCI Booking adds to proxied gateway requests. Trace IDs, original IP forwarding, and custom headers.

When a request passes through PCI Booking's gateway (during [tokenization on request](/capture-cards/tokenization-on-request) or [token replacement](/use-tokens/token-replacement-in-request)), PCI Booking adds headers to the relayed request. Some are for diagnostics, some provide useful information about the tokenization result.

## Example

```http theme={null}
X-Amzn-Trace-Id: Root=1-5c2a3e7f-534419405f0a9800b1ba9920
X-Forwarded-For: 109.76.169.47, 172.200.3.67, 34.243.68.114
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-pciBooking-Tokenization-Warnings: [1005] Card type is missing
X-Real-Ip: 34.243.68.114
X-Token: https://service.pcibooking.net/api/payments/paycard/c8882c7d3b6a433f91d64cb21eb70d0a
```

## Header Reference

| Header                                       | Description                                                                                                                                       | Action                                                                                                                                             |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| `X-Token`                                    | Card token URI(s), semicolon-separated if multiple cards in the request.                                                                          | **Process this.** Store the token(s) for future operations. Handle multiple tokens if your messages can contain multiple cards.                    |
| `X-Forwarded-For`                            | Comma-separated list of IP addresses that processed the message, from the original sender to PCI Booking.                                         | **Recommended.** Process this if you perform IP whitelisting. See [IP Restrictions](/account-setup/security-settings#ip-restrictions) for details. |
| `X-pciBooking-Tokenization-Warnings`         | Warnings about tokenization issues (e.g., missing card type). See [API Conventions](/reference/api-conventions#tokenization-errors-and-warnings). | **Strongly recommended.** Set up a workflow to address these warnings.                                                                             |
| `X-pciBooking-Tokenization-Errors`           | Errors when cards could not be tokenized (e.g., Luhn failure, expired card). Double-semicolon separated for multi-card messages.                  | **Strongly recommended.** Cards that fail tokenization are relayed as-is with the original card data.                                              |
| `X-Amzn-Trace-Id`                            | Internal diagnostics trace ID.                                                                                                                    | Optional. Log for troubleshooting with PCI Booking support.                                                                                        |
| `X-Real-Ip`                                  | IP address of the last server to process the request (usually PCI Booking).                                                                       | Optional. `X-Forwarded-For` provides more complete information.                                                                                    |
| `X-Forwarded-Port`                           | Port the request was forwarded on. Always `443`.                                                                                                  | Ignore.                                                                                                                                            |
| `X-Forwarded-Proto` / `X-Forwarded-Protocol` | Protocol used. Always `https`.                                                                                                                    | Ignore.                                                                                                                                            |
| `X-Forwarded-Ssl`                            | Whether SSL was enabled. Always `on`.                                                                                                             | Ignore.                                                                                                                                            |
