@@ -54,6 +54,98 @@ async def hello(request):
5454
5555will exclude requests such as ``https://site/client/123/info`` and ``https://site/xyz/healthcheck``.
5656
57+ Capture HTTP request and response headers
58+ *****************************************
59+ You can configure the agent to capture specified HTTP headers as span attributes, according to the
60+ `semantic conventions <https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md#http-server-span>`_.
61+
62+ Request headers
63+ ***************
64+ To capture HTTP request headers as span attributes, set the environment variable
65+ ``OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST`` to a comma delimited list of HTTP header names.
66+
67+ For example,
68+ ::
69+
70+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST="content-type,custom_request_header"
71+
72+ will extract ``content-type`` and ``custom_request_header`` from the request headers and add them as span attributes.
73+
74+ Request header names in ASGI are case-insensitive. So, giving the header name as ``CUStom-Header`` in the environment
75+ variable will capture the header named ``custom-header``.
76+
77+ Regular expressions may also be used to match multiple headers that correspond to the given pattern. For example:
78+ ::
79+
80+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST="Accept.*,X-.*"
81+
82+ Would match all request headers that start with ``Accept`` and ``X-``.
83+
84+ To capture all request headers, set ``OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST`` to ``".*"``.
85+ ::
86+
87+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST=".*"
88+
89+ The name of the added span attribute will follow the format ``http.request.header.<header_name>`` where ``<header_name>``
90+ is the normalized HTTP header name (lowercase, with ``-`` replaced by ``_``). The value of the attribute will be a
91+ list containing the header values.
92+
93+ For example:
94+ ``http.request.header.custom_request_header = ["<value1>, <value2>"]``
95+
96+ Response headers
97+ ****************
98+ To capture HTTP response headers as span attributes, set the environment variable
99+ ``OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE`` to a comma delimited list of HTTP header names.
100+
101+ For example,
102+ ::
103+
104+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE="content-type,custom_response_header"
105+
106+ will extract ``content-type`` and ``custom_response_header`` from the response headers and add them as span attributes.
107+
108+ Response header names in ASGI are case-insensitive. So, giving the header name as ``CUStom-Header`` in the environment
109+ variable will capture the header named ``custom-header``.
110+
111+ Regular expressions may also be used to match multiple headers that correspond to the given pattern. For example:
112+ ::
113+
114+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE="Content.*,X-.*"
115+
116+ Would match all response headers that start with ``Content`` and ``X-``.
117+
118+ To capture all response headers, set ``OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE`` to ``".*"``.
119+ ::
120+
121+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE=".*"
122+
123+ The name of the added span attribute will follow the format ``http.response.header.<header_name>`` where ``<header_name>``
124+ is the normalized HTTP header name (lowercase, with ``-`` replaced by ``_``). The value of the attribute will be a
125+ list containing the header values.
126+
127+ For example:
128+ ``http.response.header.custom_response_header = ["<value1>, <value2>"]``
129+
130+ Sanitizing headers
131+ ******************
132+ In order to prevent storing sensitive data such as personally identifiable information (PII), session keys, passwords,
133+ etc, set the environment variable ``OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS``
134+ to a comma delimited list of HTTP header names to be sanitized. Regexes may be used, and all header names will be
135+ matched in a case-insensitive manner.
136+
137+ For example,
138+ ::
139+
140+ export OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS=".*session.*,set-cookie"
141+
142+ will replace the value of headers such as ``session-id`` and ``set-cookie`` with ``[REDACTED]`` in the span.
143+
144+ Note:
145+ The environment variable names used to capture HTTP headers are still experimental, and thus are subject to change.
146+
147+ API
148+ ---
57149"""
58150
59151from __future__ import annotations
0 commit comments