Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Capture HTTP request/response headers as span attributes #1898

Merged
merged 11 commits into from
Sep 21, 2021
Merged

Capture HTTP request/response headers as span attributes #1898

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
9bdf1e6
Capture HTTP request/response headers as span attributes
Aug 30, 2021
b11f7af
Reference footnote [2]
Aug 30, 2021
fb11220
code review suggestions
Aug 31, 2021
5b2f882
code review suggestions
Aug 31, 2021
ad335c1
code review comments
Sep 6, 2021
19823de
normalize HTTP header names
Sep 8, 2021
d39e727
Update specification/trace/semantic_conventions/http.md
Sep 17, 2021
bfb35dd
code review suggestion
Sep 17, 2021
12151ec
Add a CHANGELOG entry
Sep 17, 2021
749a9cb
code review suggestions
Sep 17, 2021
05e3149
Merge branch 'main' into capture-http-headers
yurishkuro Sep 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ release.
([#1810](https://github.com/open-telemetry/opentelemetry-specification/pull/1810))
- Clarifications for `http.client_ip` and `http.host`.
([#1890](https://github.com/open-telemetry/opentelemetry-specification/pull/1890))
- Add HTTP request and response headers semantic conventions.
([#1898](https://github.com/open-telemetry/opentelemetry-specification/pull/1898))

### Compatibility

Expand Down
16 changes: 16 additions & 0 deletions specification/trace/semantic_conventions/http.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ and various HTTP versions like 1.1, 2 and SPDY.
- [Name](#name)
- [Status](#status)
- [Common Attributes](#common-attributes)
- [HTTP request and response headers](#http-request-and-response-headers)
- [HTTP client](#http-client)
- [HTTP server](#http-server)
- [HTTP server definitions](#http-server-definitions)
Expand Down Expand Up @@ -87,6 +88,21 @@ Don't set the span status description if the reason can be inferred from `http.s

It is recommended to also use the general [network attributes][], especially `net.peer.ip`. If `net.transport` is not specified, it can be assumed to be `IP.TCP` except if `http.flavor` is `QUIC`, in which case `IP.UDP` is assumed.

### HTTP request and response headers
mateuszrzeszutek marked this conversation as resolved.
Show resolved Hide resolved

| Attribute | Type | Description | Examples | Required |
|---|---|---|---|---|
| `http.request.header.<key>` | string[] | HTTP request headers, `<key>` being the normalized HTTP Header name (lowercase, with `-` characters replaced by `_`), the value being the header values. [1] [2] | `http.request.header.content_type=["application/json"]`; `http.request.header.x_forwarded_for=["1.2.3.4", "1.2.3.5"]` | No |
| `http.response.header.<key>` | string[] | HTTP response headers, `<key>` being the normalized HTTP Header name (lowercase, with `-` characters replaced by `_`), the value being the header values. [1] [2] | `http.response.header.content_type=["application/json"]`; `http.response.header.my_custom_header=["abc", "def"]` | No |
yurishkuro marked this conversation as resolved.
Show resolved Hide resolved

**[1]:** Instrumentations SHOULD require an explicit configuration of which headers are to be captured.
mateuszrzeszutek marked this conversation as resolved.
Show resolved Hide resolved
Including all request/response headers can be a security risk - explicit configuration helps avoid leaking sensitive information.

Some HTTP headers - `Host` and `User-Agent` - are already captured in the `http.host` and `http.user_agent` attributes.
Users MAY explicitly configure instrumentations to capture them even though it is not recommended.

**[2]:** The attribute value MUST consist of either multiple header values as an array of strings or a single-item array containing a possibly comma-concatenated string, depending on the way the HTTP library provides access to headers.

[network attributes]: span-general.md#general-network-connection-attributes

## HTTP client
Expand Down