Edge SWG (ProxySG) Access Log Fields

search cancel

Edge SWG (ProxySG) Access Log Fields

book

Article ID: 240610

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

This document lists all valid access log fields for ProxySG.

Resolution

ELFF	Introduced in SGOS versions	Description
Client/Server Bytes
cs-bodylength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the body (excludes header) sent from client to appliance.
cs-bytes	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP/1.1 bytes sent from client to appliance.
cs-headerlength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the header sent from client to appliance.
rs-bodylength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the body (excludes header) sent from upstream host to appliance.
rs-bytes	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP/1.1 bytes sent from upstream host to appliance.
rs-headerlength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the header sent from upstream host to appliance.
sc-bodylength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the body (excludes header) sent from appliance to client.
sc-bytes	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP/1.1 bytes sent from appliance to client.
sc-headerlength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the header sent from appliance to client.
sr-bodylength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the body (excludes header) sent from appliance to upstream host.
sr-bytes	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP/1.1 bytes sent from appliance to upstream host.
sr-headerlength	7.x 6.7.x 6.6.x 6.5.x	Number of bytes in the header sent from appliance to upstream host.

Connection Details
c-connect-type	7.x 6.7.x 6.6.x 6.5.x	The type of connection made by the client to the appliance: 'Transparent' or 'Explicit'
c-dns	7.x 6.7.x 6.6.x 6.5.x	Hostname of the client (uses the client's IP address to avoid reverse DNS)
c-ip	7.x 6.7.x 6.6.x 6.5.x	IP address of the client
c-port	7.x 6.7.x 6.6.x 6.5.x	Source port used by the client
cs-ip	7.x 6.7.x 6.6.x 6.5.x	IP address of the destination of the client's connection
r-dns	7.x 6.7.x 6.6.x 6.5.x	Hostname from the outbound server URL
r-ip	7.x 6.7.x 6.6.x 6.5.x	IP address from the outbound server URL
r-port	7.x 6.7.x 6.6.x 6.5.x	Port from the outbound server URL
r-supplier-country	7.x 6.7.x	Country of the upstream host. This is not set if a connection is not made, but is correct when an exception occurs.
r-supplier-dns	7.x 6.7.x 6.6.x 6.5.x	Hostname of the upstream host. This is not set if a connection is not made, but is correct when an exception occurs.
r-supplier-ip	7.x 6.7.x 6.6.x 6.5.x	IP address used to contact the upstream host. This is not set if a connection is not made, but is correct when an exception occurs.
r-supplier-port	7.x 6.7.x 6.6.x 6.5.x	Port used to contact the upstream host. This is not set if a connection is not made, but is correct when an exception occurs.
s-computername	7.x 6.7.x 6.6.x 6.5.x	Configured name of the appliance
s-connect-type	7.x 6.7.x 6.6.x 6.5.x	Upstream connection type (Direct, SOCKS gateway, etc.)
s-dns	7.x 6.7.x 6.6.x 6.5.x	Hostname of the appliance (uses the primary IP address to avoid reverse DNS)
s-ip	7.x 6.7.x 6.6.x 6.5.x	IP address of the appliance on which the client established its connection
s-port	7.x 6.7.x 6.6.x 6.5.x	Port of the appliance on which the client established its connection
s-sitename	7.x 6.7.x 6.6.x 6.5.x	The service type used to process the transaction
s-source-ip	7.x 6.7.x 6.6.x 6.5.4.1	The source IP address of the ProxySG appliance when attempting to access a remote site or URL. Note: This field is available for HTTP and HTTPS proxies only.
s-source-port	7.x 6.7.x 6.6.x 6.5.x	The source port of the ProxySG appliance when attempting to access a remote site or URL Note: This field is available for HTTP, HTTPS, and FTP proxies.
s-supplier-country	7.x 6.7.x 6.6.x	The geolocation (country) associated with the IP address of the connection, identified by s-supplier-ip . This is not set if a connection is not made or if an exception occurs.
s-supplier-failures	7.x 6.7.x 6.6.x	A list of entries where the IP address resolved but did not result in a successful connection. Each entry comprises the IP address, country, and whether the connection was denied or timed out. This field is designed for use with Symantec Corp. Reporter.
s-supplier-ip	7.x 6.7.x 6.6.x 6.5.x	IP address used to contact the upstream host. This is not set if a connection is not made or if an exception occurs.
s-supplier-name	7.x 6.7.x 6.6.x 6.5.x	Hostname of the upstream host. This is not set if a connection is not made or if an exception occurs.
s-supplier-port	7.x 6.7.x 6.6.x	IP port used to contact the upstream host. This is not set if a connection is not made or if an exception occurs.
sc-adapter	7.x 6.7.x 6.6.x 6.5.x	Adapter number of the client's connection to the appliance
sc-connection	7.x 6.7.x 6.6.x 6.5.x	Unique identifier of the client's connection (such as SOCKET)
x-appliance-serial-number	7.x 6.7.x 6.6.x 6.5.x	The serial number of the appliance
x-appliance-first-mac-address	7.x 6.7.x 6.6.x 6.5.x	The MAC address of the first installed adapter
x-appliance-full-version	7.x 6.7.x 6.6.x 6.5.x	The full version of the SGOS software
x-appliance-mc-certificate-fingerprint	7.x 6.7.x 6.6.x 6.5.x	The fingerprint of the Management Console certificate.
x-appliance-model-name	7.x 6.7.x 6.6.x 6.5.x	The model name of the appliance.
x-appliance-product-name	7.x 6.7.x 6.6.x 6.5.x	The product name of the appliance.
x-appliance-product-tag	7.x 6.7.x 6.6.x 6.5.x	The product tag of the appliance.
x-appliance-serial-number	7.x 6.7.x 6.6.x	The serial number of the appliance
x-appliance-series-name	7.x 6.7.x 6.6.x 6.5.x	The series name of the appliance.
x-bluecoat-access-type	7.x 6.7.x 6.6.x	Method used to access the cloud service.
x-bluecoat-appliance-identifier	7.x 6.7.x 6.6.x 6.5.x	Compact identifier of the appliance
x-bluecoat-appliance-name	7.x 6.7.x 6.6.x 6.5.x	Configured name of the appliance
x-bluecoat-appliance-primary-address	7.x 6.7.x 6.6.x 6.5.x	Primary IP address of the appliance
x-bluecoat-c-surrogate-ip	7.x 6.7.x 6.6.x	IP address of the client in the data center
x-bluecoat-connection-tenant-id	7.x 6.7.x 6.6.x	Tenant ID for the connection.
x-bluecoat-groups-of-interest-version	7.x 6.7.x 6.6.x	Version of the cloud service groups of interest for a tenant policy.
x-bluecoat-location-id	7.x 6.7.x 6.6.x	ID of the cloud service customer site
x-bluecoat-proxy-primary-address	7.x 6.7.x 6.6.x 6.5.x	Primary IP address of the appliance
x-bluecoat-request-tenant-id	7.x 6.7.x 6.6.x	Tenant ID for the request.
x-bluecoat-server-connection-socket-errno	7.x 6.7.x 6.6.x 6.5.x	Error message associated with a failed attempt to connect to an upstream host
x-bluecoat-tenant-policy-version	7.x 6.7.x 6.6.x	Version of the cloud service tenant policy
x-bluecoat-transaction-id	7.x 6.7.x 6.6.x 6.5.x	Unique per-request identifier generated by the appliance. Note: This value is not unique across multiple appliances; use x-bluecoat-transaction-uuid to log globally unique identifiers.
x-bluecoat-transaction-uuid	7.x 6.7.x 6.6.3.2 6.5.9.2	Globally unique per-request identifier generated by the appliance. Default exception pages include the transaction ID; thus, you can look for the ID in the access log to learn more about the transaction. For WAF, you can use the ID to ascertain if WAF engines correctly detected an attack or if it was a false positive.
x-client-address	7.x 6.7.x 6.6.x 6.5.x	IP address of the client
x-client-connection-bytes	7.x 6.7.x 6.6.x 6.5.x	Total number of bytes send to and received from the client
x-client-ip	7.x 6.7.x 6.6.x 6.5.x	IP address of the client
x-cs-dns	7.x 6.7.x 6.6.x 6.5.x	The hostname of the client obtained through reverse DNS.
x-cs-client-effective-ip	7.x 6.7.x 6.6.x 6.5.5.7	The effective client IP address when the client.effective_address() property is configured. If the property is not configured, the content matches c-ip .
x-cs-client-effective-ip-country	7.x 6.7.x 6.6.x 6.5.5.7	The country associated with the effective client IP address when the client.effective_address() property is configured. If the property is not configured, the content matches x-cs-client-ip-country.
x-cs-client-ip-country	7.x 6.7.x 6.6.x 6.5.x	The country associated with the client IP address.
x-cs-connection-dscp	7.x 6.7.x 6.6.x 6.5.x	DSCP client inbound value
x-cs-connection-encrypted-tap	7.x 6.7.x 6.6.x 6.5.2.1	Whether or not the client-side SSL connection is tapped. If tapped, the field value is "TAPPED".
x-cs-connection-negotiated-cipher	7.x 6.7.x 6.6.x 6.5.x	OpenSSL cipher suite negotiated for the client connection
x-cs-connection-negotiated-cipher-size	7.x 6.7.x 6.6.x 6.5.x	Ciphersize of the OpenSSL cipher suite negotiated for the client connection
x-cs-connection-negotiated-cipher-strength	7.x 6.7.x 6.6.x 6.5.x	Strength of the OpenSSL cipher suite negotiated for the client connection
x-cs-connection-negotiated-ssl-version	7.x 6.7.x 6.6.x 6.5.x	Version of the SSL protocol negotiated for the client connection
x-cs-ident-username	7.x 6.7.x 6.6.x 6.5.x	The username associated with this session as returned from an ident query. This is an empty string if no session is known.
x-cs-interface	7.x 6.7.x 6.6.x	Interface on which the client established its connection
x-cs-interface-routing-domain	7.x 6.7.x 6.6.x	Routing domain on which the client established its connection
x-cs-netbios-computer-domain	7.x 6.7.x 6.6.x 6.5.x	The name of the domain to which the computer belongs. This is an empty string if the query fails or the name is not reported. When using the $(netbios.*) substitutions to generate the username, the client machines must react to a NetBIOS over TCP/IP node status query.
x-cs-netbios-computer-name	7.x 6.7.x 6.6.x 6.5.x	The NetBIOS name of the computer. This is an empty string if the query fails or the name is not reported. When using the $(netbios.*) substitutions to generate the username, the client machines must react to a NetBIOS over TCP/IP node status query.
x-cs-netbios-messenger-username	7.x 6.7.x 6.6.x 6.5.x	The name of the logged-in user. This is an empty string if the query fails or the name is not reported. It is also empty there is more than one logged-in user. When using the $(netbios.*) substitutions to generate the username, the client machines must react to a NetBIOS over TCP/IP node status query.
x-cs-netbios-messenger-usernames	7.x 6.7.x 6.6.x 6.5.x	A comma-separated list of the all the messenger usernames reported by the target computer. This is an empty string if the query fails, or no names are reported. When using the $(netbios.*) substitutions to generate the username, the client machines must react to a NetBIOS over TCP/IP node status query.
x-cs-session-username	7.x 6.7.x 6.6.x 6.5.x	The username associated with this session as reported by RADIUS accounting. This is an empty string if no session is known.
x-module-name	7.x 6.7.x 6.6.x 6.5.x	The SGOS module that is handling the transaction
x-random-ipv6	7.x	Value of the X-Forwarded-For header if it is set to a random IPv6 address by Universal Policy.
x-rs-connection-dscp	7.x 6.7.x 6.6.x 6.5.x	DSCP server inbound value
x-rs-connection-encrypted-tap	7.x	Whether or not the server-side SSL connection is tapped. If tapped, the field value is "TAPPED".
x-rs-connection-negotiated-cipher	7.x 6.7.x 6.6.x 6.5.x	OpenSSL cipher suite negotiated for the server connection
x-rs-connection-negotiated-cipher-size	7.x 6.7.x 6.6.x 6.5.x	Ciphersize of the OpenSSL cipher suite negotiated for the server connection
x-rs-connection-negotiated-cipher-strength	7.x 6.7.x 6.6.x 6.5.x	Strength of the OpenSSL cipher suite negotiated for the server connection
x-rs-connection-negotiated-ssl-version	7.x 6.7.x 6.6.x 6.5.x	Version of the SSL protocol negotiated for the server connection
x-sc-connection-dscp-decision	7.x 6.7.x 6.6.x 6.5.x	DSCP client outbound value
x-sc-connection-issuer-keyring	7.x 6.7.x 6.6.x 6.5.x	Issuer for forged certificates
x-server-adn-connection-bytes	7.x 6.7.x 6.6.x 6.5.x	Total number of compressed ADN bytes send to and received from the server
x-server-connection-bytes	7.x 6.7.x 6.6.x 6.5.x	Total number of bytes send to and received from the server
x-service-group	7.x 6.7.x 6.6.x 6.5.x	The name of the service group that handled the transaction
x-service-name	7.x 6.7.x 6.6.x 6.5.x	The name of the service that handled the transaction
x-sr-connection-dscp-decision	7.x 6.7.x 6.6.x 6.5.x	DSCP server outbound value

DNS
x-dns-cs-address	7.x 6.7.x 6.6.x 6.5.x	The address queried in a reverse DNS lookup
x-dns-cs-dns	7.x 6.7.x 6.6.x 6.5.x	The hostname queried in a forward DNS lookup
x-dns-cs-opcode	7.x 6.7.x 6.6.x 6.5.x	The DNS OPCODE used in the DNS query
x-dns-cs-qclass	7.x 6.7.x 6.6.x 6.5.x	The DNS QCLASS used in the DNS query
x-dns-cs-qtype	7.x 6.7.x 6.6.x 6.5.x	The DNS QTYPE used in the DNS query
x-dns-cs-threat-risk-level	7.x 6.7.x 6.6.x 6.5.x	The DNS Threat Risk Level.
x-dns-cs-transport	7.x 6.7.x 6.6.x 6.5.x	The transport protocol used by the client connection in a DNS query
x-dns-rs-a-records	7.x 6.7.x 6.6.x 6.5.x	The DNS A RRs in the response from upstream
x-dns-rs-cname-records	7.x 6.7.x 6.6.x 6.5.x	The DNS CNAME RRs in the response from upstream
x-dns-rs-ptr-records	7.x 6.7.x 6.6.x 6.5.x	The DNS A RRs in the response from upstream
x-dns-rs-rcode	7.x 6.7.x 6.6.x 6.5.x	The DNS RCODE in the response from upstream

HTTP
x-bluecoat-invalid-response-headers	7.x 6.7.x 6.6.x 6.5.9.11	Logs information about the HTTP(S) response of it is still considered invalid after normalization.
x-bluecoat-normalized-response-headers	7.x 6.7.x 6.6.x 6.5.9.11	Logs information about any normalization of the HTTP(S) response that was completed.
x-http-connect-host	7.x 6.7.4.x	The host name in original HTTP CONNECT request.
x-http-connect-port	7.x 6.7.4.x	The port number in original HTTP CONNECT request.
x-http-noncacheable-reason	7.x 6.7.x 6.6.x 6.5.x	The reason(s) the HTTP response was not cached.

Request Headers
cs(Accept)	7.x 6.7.x 6.6.x 6.5.x	Request header: Accept
cs(Accept)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Accept
cs(Accept)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Accept
cs(Accept-Charset)	7.x 6.7.x 6.6.x 6.5.x	Request header: Accept-Charset
cs(Accept-Charset)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Accept-Charset
cs(Accept-Charset)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Accept-Charset
cs(Accept-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Request header: Accept-Encoding
cs(Accept-Encoding)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Accept-Encoding
cs(Accept-Encoding)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Accept-Encoding
cs(Accept-Language)	7.x 6.7.x 6.6.x 6.5.x	Request header: Accept-Language
cs(Accept-Language)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Accept-Language
cs(Accept-Language)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Accept-Language
cs(Accept-Ranges)	7.x 6.7.x 6.6.x 6.5.x	Request header: Accept-Ranges
cs(Accept-Ranges)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Accept-Ranges
cs(Accept-Ranges)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Accept-Ranges
cs(Age)	7.x 6.7.x 6.6.x 6.5.x	Request header: Age
cs(Age)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Age
cs(Age)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Age
cs(Allow)	7.x 6.7.x 6.6.x 6.5.x	Request header: Allow
cs(Allow)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Allow
cs(Allow)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Allow
cs(Authentication-Info)	7.x 6.7.x 6.6.x 6.5.x	Request header: Authentication-Info
cs(Authentication-Info)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Authentication-Info
cs(Authentication-Info)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Authentication-Info
cs(Authorization)	7.x 6.7.x 6.6.x 6.5.x	Request header: Authorization
cs(Authorization)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Authorization
cs(Authorization)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Authorization
cs(CSRF-Token)	7.x 6.7.4.x	Request header: CSRF-Token
cs(CSRF-Token)-count	7.x 6.7.4.x	Number of HTTP request header: CSRF-Token
cs(CSRF-Token)-length	7.x 6.7.4.x	Length of HTTP request header: CSRF-Token
cs(Cache-Control)	7.x 6.7.x 6.6.x 6.5.x	Request header: Cache-Control
cs(Cache-Control)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Cache-Control
cs(Cache-Control)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Cache-Control
cs(Client-IP)	7.x 6.7.x 6.6.x 6.5.x	Request header: Client-IP
cs(Client-IP)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Client-IP
cs(Client-IP)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Client-IP
cs(Connection)	7.x 6.7.x 6.6.x 6.5.x	Request header: Connection
cs(Connection)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Connection
cs(Connection)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Connection
cs(Content-Disposition)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Disposition
cs(Content-Disposition)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Disposition
cs(Content-Disposition)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Disposition
cs(Content-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Encoding
cs(Content-Encoding)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Encoding
cs(Content-Encoding)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Encoding
cs(Content-Language)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Language
cs(Content-Language)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Language
cs(Content-Language)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Language
cs(Content-Length)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Length
cs(Content-Length)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Length
cs(Content-Length)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Length
cs(Content-Location)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Location
cs(Content-Location)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Location
cs(Content-Location)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Location
cs(Content-MD5)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-MD5
cs(Content-MD5)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-MD5
cs(Content-MD5)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-MD5
cs(Content-Range)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Range
cs(Content-Range)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Range
cs(Content-Range)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Range
cs(Content-Type)	7.x 6.7.x 6.6.x 6.5.x	Request header: Content-Type
cs(Content-Type)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Content-Type
cs(Content-Type)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Content-Type
cs(Cookie)	7.x 6.7.x 6.6.x 6.5.x	Request header: Cookie
cs(Cookie)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Cookie
cs(Cookie)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Cookie
cs(Cookie2)	7.x 6.7.x 6.6.x 6.5.x	Request header: Cookie2
cs(Cookie2)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Cookie2
cs(Cookie2)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Cookie2
cs(Date)	7.x 6.7.x 6.6.x 6.5.x	Request header: Date
cs(Date)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Date
cs(Date)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Date
cs(Etag)	7.x 6.7.x 6.6.x 6.5.x	Request header: Etag
cs(Etag)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Etag
cs(Etag)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Etag
cs(Expect)	7.x 6.7.x 6.6.x 6.5.x	Request header: Expect
cs(Expect)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Expect
cs(Expect)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Expect
cs(Expires)	7.x 6.7.x 6.6.x 6.5.x	Request header: Expires
cs(Expires)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Expires
cs(Expires)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Expires
cs(From)	7.x 6.7.x 6.6.x 6.5.x	Request header: From
cs(From)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: From
cs(From)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: From
cs(Front-End-HTTPS)	7.x 6.7.x 6.6.x 6.5.x	Request header: Front-End-HTTPS
cs(Front-End-HTTPS)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Front-End-HTTPS
cs(Front-End-HTTPS)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Front-End-HTTPS
cs(Host)	7.x 6.7.x 6.6.x 6.5.x	Request header: Host
cs(Host)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Host
cs(Host)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Host
cs(HTTP2-Settings)	7.x	Request header: HTTP2-Settings
cs(HTTP2-Settings)-count	7.x	Number of HTTP request header: HTTP2-Settings
cs(HTTP2-Settings)-length	7.x	Length of HTTP request header: HTTP2-Settings
cs(If-Match)	7.x 6.7.x 6.6.x 6.5.x	Request header: If-Match
cs(If-Match)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: If-Match
cs(If-Match)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: If-Match
cs(If-Modified-Since)	7.x 6.7.x 6.6.x 6.5.x	Request header: If-Modified-Since
cs(If-Modified-Since)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: If-Modified-Since
cs(If-Modified-Since)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: If-Modified-Since
cs(If-None-Match)	7.x 6.7.x 6.6.x 6.5.x	Request header: If-None-Match
cs(If-None-Match)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: If-None-Match
cs(If-None-Match)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: If-None-Match
cs(If-Range)	7.x 6.7.x 6.6.x 6.5.x	Request header: If-Range
cs(If-Range)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: If-Range
cs(If-Range)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: If-Range
cs(If-Unmodified-Since)	7.x 6.7.x 6.6.x 6.5.x	Request header: If-Unmodified-Since
cs(If-Unmodified-Since)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: If-Unmodified-Since
cs(If-Unmodified-Since)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: If-Unmodified-Since
cs(Last-Modified)	7.x 6.7.x 6.6.x 6.5.x	Request header: Last-Modified
cs(Last-Modified)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Last-Modified
cs(Last-Modified)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Last-Modified
cs(Location)	7.x 6.7.x 6.6.x 6.5.x	Request header: Location
cs(Location)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Location
cs(Location)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Location
cs(Max-Forwards)	7.x 6.7.x 6.6.x 6.5.x	Request header: Max-Forwards
cs(Max-Forwards)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Max-Forwards
cs(Max-Forwards)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Max-Forwards
cs(Meter)	7.x 6.7.x 6.6.x 6.5.x	Request header: Meter
cs(Meter)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Meter
cs(Meter)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Meter
cs(Origin)	7.x 6.7.x 6.6.x 6.5.x	Request header: Origin
cs(Origin)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Origin
cs(Origin)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Origin
cs(P3P)	7.x 6.7.x 6.6.x 6.5.x	Request header: P3P
cs(P3P)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: P3P
cs(P3P)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: P3P
cs(Pragma)	7.x 6.7.x 6.6.x 6.5.x	Request header: Pragma
cs(Pragma)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Pragma
cs(Pragma)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Pragma
cs(Proxy-Authenticate)	7.x 6.7.x 6.6.x 6.5.x	Request header: Proxy-Authenticate
cs(Proxy-Authenticate)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Proxy-Authenticate
cs(Proxy-Authenticate)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Proxy-Authenticate
cs(Proxy-Connection)	7.x 6.7.x 6.6.x 6.5.x	Request header: Proxy-Connection
cs(Proxy-Connection)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Proxy-Connection
cs(Proxy-Connection)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Proxy-Connection
cs(Range)	7.x 6.7.x 6.6.x 6.5.x	Request header: Range
cs(Range)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Range
cs(Range)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Range
cs(Referer)	7.x 6.7.x 6.6.x 6.5.x	Request header: Referer
cs(Referer)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Referer
cs(Referer)-length	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Referer
cs(Refresh)	7.x 6.7.x 6.6.x 6.5.x	Request header: Refresh
cs(Refresh)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Refresh
cs(Refresh)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Refresh
cs(Retry-After)	7.x 6.7.x 6.6.x 6.5.x	Request header: Retry-After
cs(Retry-After)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Retry-After
cs(Retry-After)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Retry-After
cs(Server)	7.x 6.7.x 6.6.x 6.5.x	Request header: Server
cs(Server)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Server
cs(Server)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Server
cs(Set-Cookie)	7.x 6.7.x 6.6.x 6.5.x	Request header: Set-Cookie
cs(Set-Cookie)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Set-Cookie
cs(Set-Cookie)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Set-Cookie
cs(Set-Cookie2)	7.x 6.7.x 6.6.x 6.5.x	Request header: Set-Cookie2
cs(Set-Cookie2)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Set-Cookie2
cs(Set-Cookie2)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Set-Cookie2
cs(TE)	7.x 6.7.x 6.6.x 6.5.x	Request header: TE
cs(TE)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: TE
cs(TE)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: TE
cs(Trailer)	7.x 6.7.x 6.6.x 6.5.x	Request header: Trailer
cs(Trailer)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Trailer
cs(Trailer)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Trailer
cs(Transfer-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Request header: Transfer-Encoding
cs(Transfer-Encoding)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Transfer-Encoding
cs(Transfer-Encoding)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Transfer-Encoding
cs(Upgrade)	7.x 6.7.x 6.6.x 6.5.x	Request header: Upgrade
cs(Upgrade)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Upgrade
cs(Upgrade)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Upgrade
cs(User-Agent)	7.x 6.7.x 6.6.x 6.5.x	Request header: User-Agent
cs(User-Agent)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: User-Agent
cs(User-Agent)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: User-Agent
cs(Vary)	7.x 6.7.x 6.6.x 6.5.x	Request header: Vary
cs(Vary)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Vary
cs(Vary)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Vary
cs(Via)	7.x 6.7.x 6.6.x 6.5.x	Request header: Via
cs(Via)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Via
cs(Via)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Via
cs(WWW-Authenticate)	7.x 6.7.x 6.6.x 6.5.x	Request header: WWW-Authenticate
cs(WWW-Authenticate)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: WWW-Authenticate
cs(WWW-Authenticate)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: WWW-Authenticate
cs(Warning)	7.x 6.7.x 6.6.x 6.5.x	Request header: Warning
cs(Warning)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: Warning
cs(Warning)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: Warning
cs(X-BlueCoat-Authorization)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-BlueCoat-Authorization
cs(X-BlueCoat-Authorization)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-BlueCoat-Authorization
cs(X-BlueCoat-Authorization)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-BlueCoat-Authorization
cs(X-BlueCoat-DMI)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-BlueCoat-DMI
cs(X-BlueCoat-DMI)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-BlueCoat-DMI
cs(X-BlueCoat-DMI)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-BlueCoat-DMI
cs(X-BlueCoat-Error)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-BlueCoat-Error
cs(X-BlueCoat-Error)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-BlueCoat-Error
cs(X-BlueCoat-Error)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-BlueCoat-Error
cs(X-BlueCoat-MC-Client-Ip)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-BlueCoat-MC-Client-Ip
cs(X-BlueCoat-MC-Client-Ip)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-BlueCoat-MC-Client-Ip
cs(X-BlueCoat-MC-Client-Ip)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-BlueCoat-MC-Client-Ip
cs(X-BlueCoat-Serial-Number)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-BlueCoat-Serial-Number
cs(X-BlueCoat-Serial-Number)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-BlueCoat-Serial-Number
cs(X-BlueCoat-Serial-Number)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-BlueCoat-Serial-Number
cs(X-BlueCoat-Via)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-BlueCoat-Via
cs(X-BlueCoat-Via)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-BlueCoat-Via
cs(X-BlueCoat-Via)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-BlueCoat-Via
cs(X-Forwarded-For)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-Forwarded-For
cs(X-Forwarded-For)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-Forwarded-For
cs(X-Forwarded-For)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-Forwarded-For
cs(X-Requested-With)	7.x 6.7.x 6.6.x 6.5.x	Request header: X-Requested-With
cs(X-Requested-With)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP request header: X-Requested-With
cs(X-Requested-With)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP request header: X-Requested-With

Response Headers
rs(Accept)	7.x 6.7.x 6.6.x 6.5.x	Response header: Accept
rs(Accept)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Accept
rs(Accept)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Accept
rs(Accept-Charset)	7.x 6.7.x 6.6.x 6.5.x	Response header: Accept-Charset
rs(Accept-Charset)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Accept-Charset
rs(Accept-Charset)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Accept-Charset
rs(Accept-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Response header: Accept-Encoding
rs(Accept-Encoding)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Accept-Encoding
rs(Accept-Encoding)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Accept-Encoding
rs(Accept-Language)	7.x 6.7.x 6.6.x 6.5.x	Response header: Accept-Language
rs(Accept-Language)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Accept-Language
rs(Accept-Language)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Accept-Language
rs(Accept-Ranges)	7.x 6.7.x 6.6.x 6.5.x	Response header: Accept-Ranges
rs(Accept-Ranges)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Accept-Ranges
rs(Accept-Ranges)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Accept-Ranges
rs(Age)	7.x 6.7.x 6.6.x 6.5.x	Response header: Age
rs(Age)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Age
rs(Age)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Age
rs(Allow)	7.x 6.7.x 6.6.x 6.5.x	Response header: Allow
rs(Allow)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Allow
rs(Allow)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Allow
rs(Authentication-Info)	7.x 6.7.x 6.6.x 6.5.x	Response header: Authentication-Info
rs(Authentication-Info)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Authentication-Info
rs(Authentication-Info)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Authentication-Info
rs(Authorization)	7.x 6.7.x 6.6.x 6.5.x	Response header: Authorization
rs(Authorization)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Authorization
rs(Authorization)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Authorization
rs(CSRF-Token)	7.x 6.7.4.x	Response header: CSRF-Token
rs(CSRF-Token)-count	7.x 6.7.4.x	Number of HTTP response header: CSRF-Token
rs(CSRF-Token)-length	7.x 6.7.4.x	Length of HTTP response header: CSRF-Token
rs(Cache-Control)	7.x 6.7.x 6.6.x 6.5.x	Response header: Cache-Control
rs(Cache-Control)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Cache-Control
rs(Cache-Control)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Cache-Control
rs(Connection)	7.x 6.7.x 6.6.x 6.5.x	Response header: Connection
rs(Connection)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Connection
rs(Connection)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Connection
rs(Content-Disposition)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Disposition
rs(Content-Disposition)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Disposition
rs(Content-Disposition)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Disposition
rs(Content-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Encoding
rs(Content-Encoding)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Encoding
rs(Content-Encoding)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Encoding
rs(Content-Language)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Language
rs(Content-Language)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Language
rs(Content-Language)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Language
rs(Content-Length)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Length
rs(Content-Length)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Length
rs(Content-Length)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Length
rs(Content-Location)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Location
rs(Content-Location)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Location
rs(Content-Location)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Location
rs(Content-MD5)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-MD5
rs(Content-MD5)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-MD5
rs(Content-MD5)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-MD5
rs(Content-Range)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Range
rs(Content-Range)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Range
rs(Content-Range)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Range
rs(Content-Security-Policy)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Security-Policy
rs(Content-Security-Policy)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Security-Policy
rs(Content-Security-Policy)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Security-Policy
rs(Content-Security-Policy-Report-Only)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Security-Policy-Report-Only
rs(Content-Security-Policy-Report-Only)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Security-Policy-Report-Only
rs(Content-Security-Policy-Report-Only)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Security-Policy-Report-Only
rs(Content-Type)	7.x 6.7.x 6.6.x 6.5.x	Response header: Content-Type
rs(Content-Type)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Content-Type
rs(Content-Type)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Content-Type
rs(Cookie)	7.x 6.7.x 6.6.x 6.5.x	Response header: Cookie
rs(Cookie)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Cookie
rs(Cookie)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Cookie
rs(Cookie2)	7.x 6.7.x 6.6.x 6.5.x	Response header: Cookie2
rs(Cookie2)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Cookie2
rs(Cookie2)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Cookie2
rs(Date)	7.x 6.7.x 6.6.x 6.5.x	Response header: Date
rs(Date)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Date
rs(Date)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Date
rs(Etag)	7.x 6.7.x 6.6.x 6.5.x	Response header: Etag
rs(Etag)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Etag
rs(Etag)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Etag
rs(Expect)	7.x 6.7.x 6.6.x 6.5.x	Response header: Expect
rs(Expect)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Expect
rs(Expect)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Expect
rs(Expires)	7.x 6.7.x 6.6.x 6.5.x	Response header: Expires
rs(Expires)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Expires
rs(Expires)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Expires
rs(Front-End-HTTPS)	7.x 6.7.x 6.6.x 6.5.x	Response header: Front-End-HTTPS
rs(Front-End-HTTPS)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Front-End-HTTPS
rs(Front-End-HTTPS)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Front-End-HTTPS
rs(HTTP2-Settings)	7.x 6.7.x 6.6.x 6.5.x	Response header: HTTP2-Settings
rs(HTTP2-Settings)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: HTTP2-Settings
rs(HTTP2-Settings)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: HTTP2-Settings
rs(If-Match)	7.x 6.7.x 6.6.x 6.5.x	Response header: If-Match
rs(If-Match)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: If-Match
rs(If-Match)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: If-Match
rs(If-Modified-Since)	7.x 6.7.x 6.6.x 6.5.x	Response header: If-Modified-Since
rs(If-Modified-Since)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: If-Modified-Since
rs(If-Modified-Since)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: If-Modified-Since
rs(If-None-Match)	7.x 6.7.x 6.6.x 6.5.x	Response header: If-None-Match
rs(If-None-Match)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: If-None-Match
rs(If-None-Match)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: If-None-Match
rs(If-Range)	7.x 6.7.x 6.6.x 6.5.x	Response header: If-Range
rs(If-Range)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: If-Range
rs(If-Range)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: If-Range
rs(If-Unmodified-Since)	7.x 6.7.x 6.6.x 6.5.x	Response header: If-Unmodified-Since
rs(If-Unmodified-Since)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: If-Unmodified-Since
rs(If-Unmodified-Since)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: If-Unmodified-Since
rs(Last-Modified)	7.x 6.7.x 6.6.x 6.5.x	Response header: Last-Modified
rs(Last-Modified)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Last-Modified
rs(Last-Modified)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Last-Modified
rs(Location)	7.x 6.7.x 6.6.x 6.5.x	Response header: Location
rs(Location)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Location
rs(Location)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Location
rs(Max-Forwards)	7.x 6.7.x 6.6.x 6.5.x	Response header: Max-Forwards
rs(Max-Forwards)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Max-Forwards
rs(Max-Forwards)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Max-Forwards
rs(Meter)	7.x 6.7.x 6.6.x 6.5.x	Response header: Meter
rs(Meter)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Meter
rs(Meter)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Meter
rs(Origin)	7.x 6.7.x 6.6.x 6.5.x	Response header: Origin
rs(Origin)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Origin
rs(Origin)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Origin
rs(P3P)	7.x 6.7.x 6.6.x 6.5.x	Response header: P3P
rs(P3P)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: P3P
rs(P3P)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: P3P
rs(Pragma)	7.x 6.7.x 6.6.x 6.5.x	Response header: Pragma
rs(Pragma)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Pragma
rs(Pragma)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Pragma
rs(Proxy-Authenticate)	7.x 6.7.x 6.6.x 6.5.x	Response header: Proxy-Authenticate
rs(Proxy-Authenticate)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Proxy-Authenticate
rs(Proxy-Authenticate)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Proxy-Authenticate
rs(Proxy-Connection)	7.x 6.7.x 6.6.x 6.5.x	Response header: Proxy-Connection
rs(Proxy-Connection)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Proxy-Connection
rs(Proxy-Connection)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Proxy-Connection
rs(Range)	7.x 6.7.x 6.6.x 6.5.x	Response header: Range
rs(Range)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Range
rs(Range)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Range
rs(Refresh)	7.x 6.7.x 6.6.x 6.5.x	Response header: Refresh
rs(Refresh)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Refresh
rs(Refresh)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Refresh
rs(Retry-After)	7.x 6.7.x 6.6.x 6.5.x	Response header: Retry-After
rs(Retry-After)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Retry-After
rs(Retry-After)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Retry-After
rs(Server)	7.x 6.7.x 6.6.x 6.5.x	Response header: Server
rs(Server)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Server
rs(Server)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Server
rs(Set-Cookie)	7.x 6.7.x 6.6.x 6.5.x	Response header: Set-Cookie
rs(Set-Cookie)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Set-Cookie
rs(Set-Cookie)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Set-Cookie
rs(Set-Cookie2)	7.x 6.7.x 6.6.x 6.5.x	Response header: Set-Cookie2
rs(Set-Cookie2)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Set-Cookie2
rs(Set-Cookie2)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Set-Cookie2
rs(TE)	7.x 6.7.x 6.6.x 6.5.x	Response header: TE
rs(TE)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: TE
rs(TE)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: TE
rs(Trailer)	7.x 6.7.x 6.6.x 6.5.x	Response header: Trailer
rs(Trailer)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Trailer
rs(Trailer)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Trailer
rs(Transfer-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Response header: Transfer-Encoding
rs(Transfer-Encoding)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Transfer-Encoding
rs(Transfer-Encoding)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Transfer-Encoding
rs(Upgrade)	7.x 6.7.x 6.6.x 6.5.x	Response header: Upgrade
rs(Upgrade)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Upgrade
rs(Upgrade)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Upgrade
rs(Vary)	7.x 6.7.x 6.6.x 6.5.x	Response header: Vary
rs(Vary)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Vary
rs(Vary)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Vary
rs(Via)	7.x 6.7.x 6.6.x 6.5.x	Response header: Via
rs(Via)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Via
rs(Via)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Via
rs(WWW-Authenticate)	7.x 6.7.x 6.6.x 6.5.x	response header: WWW-Authenticate
rs(WWW-Authenticate)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: WWW-Authenticate
rs(WWW-Authenticate)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: WWW-Authenticate
rs(Warning)	7.x 6.7.x 6.6.x 6.5.x	Response header: Warning
rs(Warning)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: Warning
rs(Warning)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: Warning
rs(X-BlueCoat-Authorization)	7.x 6.7.x 6.6.x 6.5.x	Response header: X-BlueCoat-Authorization
rs(X-BlueCoat-Authorization)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: X-BlueCoat-Authorization
rs(X-BlueCoat-Authorization)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: X-BlueCoat-Authorization
rs(X-BlueCoat-DMI)	7.x 6.7.x 6.6.x 6.5.x	Response header: X-BlueCoat-DMI
rs(X-BlueCoat-DMI)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: X-BlueCoat-DMI
rs(X-BlueCoat-DMI)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: X-BlueCoat-DMI
rs(X-BlueCoat-Error)	7.x 6.7.x 6.6.x 6.5.x	Response header: X-BlueCoat-Error
rs(X-BlueCoat-Error)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: X-BlueCoat-Error
rs(X-BlueCoat-Error)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: X-BlueCoat-Error
rs(X-BlueCoat-Serial-Number)	7.x 6.7.x 6.6.x 6.5.x	Response header: X-BlueCoat-Serial-Number
rs(X-BlueCoat-Serial-Number)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: X-BlueCoat-Serial-Number
rs(X-BlueCoat-Serial-Number)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: X-BlueCoat-Serial-Number
rs(X-BlueCoat-Via)	7.x 6.7.x 6.6.x 6.5.x	Response header: X-BlueCoat-Via
rs(X-BlueCoat-Via)-count	7.x 6.7.x 6.6.x 6.5.x	Number of HTTP response header: X-BlueCoat-Via
rs(X-BlueCoat-Via)-length	7.x 6.7.x 6.6.x 6.5.x	Length of HTTP response header: X-BlueCoat-Via

Request/Response Details
cs-method	7.x 6.7.x 6.6.x 6.5.x	Request method used from client to appliance
cs-protocol	7.x 6.7.x 6.6.x 6.5.x	Protocol used in the client's request
cs-request-line	7.x 6.7.x 6.6.x 6.5.x	First line of the client's request
cs-version	7.x 6.7.x 6.6.x	Protocol and version from the client's request, (for example, logs "HTTP/1.1" or, in version 7.x, "HTTP/2").
rs-response-line	7.x 6.7.x 6.6.x 6.5.x	First line (that is, status line) of the response from an upstream host to the appliance
rs-status	7.x 6.7.x 6.6.x 6.5.x	Protocol status code of the response from an upstream host to the appliance
rs-version	7.x 6.7.x 6.6.x 6.5.x	Protocol and version of the response from an upstream host to the appliance (for example, logs "HTTP/1.1" or, in version 7.x, "HTTP/2").
sc(Content-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Client Response header: Content-Encoding
sc-status	7.x 6.7.x 6.6.x 6.5.x	Protocol status code from appliance to client
sr(Accept-Encoding)	7.x 6.7.x 6.6.x 6.5.x	Server Request header: Accept-Encoding
x-bluecoat-invalid-response-headers	7.x 6.7.x 6.6.x 6.5.9.11	Logs information about the HTTP(S) response of it is still considered invalid after normalization.
x-bluecoat-normalized-response-headers	7.x 6.7.x 6.6.x 6.5.9.11	Logs information about any normalization of the HTTP(S) response that was completed.
x-bluecoat-redirect-location	7.x 6.7.x 6.6.x 6.5.x	Redirect location URL specified by a redirect CPL action.
x-bluecoat-reference-id	7.x 6.7.x 6.6.x 6.5.x	Reference ID specified in the reference_id(Rule_ID) action in a policy rule.
x-bluecoat-request-details-body	7.x 6.7.x 6.6.4.3	Logs the contents of HTTP request, populated by http.request.log_details[body](yes) or or http.request.log_details[body,header] (yes) in policy. Note: By default, only 8 kB are captured. To increase the amount, use either http.request.data= or (WAF only) http.request.inspection_size() in policy.
x-bluecoat-request-details-header	7.x 6.7.x 6.6.4.3	Logs all HTTP headers in a request, populated by http.request.log_details[header](yes)or http.request.log_details[body,header] (yes) in policy
x-bluecoat-ssl-failure-reason	7.x 6.7.x 6.6.x 6.5.x	Upstream SSL negotiation failure reason
x-bluecoat-time-quota-frequency	7.x 6.7.x 6.6.x	Policy-determined time quota frequency applicable to the transaction.
x-bluecoat-time-quota-limit	7.x 6.7.x 6.6.x	Policy-determined time quota limit applicable to the transaction.
x-bluecoat-time-quota-name	6.7.x 6.6.x	Policy-determined name of the time quota applicable to the transaction.
x-bluecoat-time-quota-warning-limit	7.x 6.7.x 6.6.x	Policy-determined time quota warning limit applicable to the transaction.
x-bluecoat-volume-quota-frequency	7.x 6.7.x 6.6.x	Policy-determined volume quota frequency applicable to the transaction.
x-bluecoat-volume-quota-limit	7.x 6.7.x 6.6.x	Policy-determined name of the volume quota applicable to the transaction.
x-bluecoat-volume-quota-name	7.x 6.7.x 6.6.x	Policy-determined name of the volume quota applicable to the transaction.
x-bluecoat-volume-quota-warning-limit	7.x 6.7.x 6.6.x	Policy-determined volume quota warning limit applicable to the transaction.
x-cs-http-method	7.x 6.7.x 6.6.x 6.5.x	HTTP request method used from client to appliance. Empty for non-HTTP transactions
x-cs-http-version	7.x 6.7.x 6.6.x 6.5.x	HTTP protocol version of request from the client. Does not include protocol qualifier (for example, logs "1.1", not "HTTP/1.1"). In version 6.8, this logs "2" for HTTP/2.
x-cs-raw-headers-count	7.x 6.7.x 6.6.x 6.5.x	Total number of 'raw' headers in the request
x-cs-raw-headers-length	7.x 6.7.x 6.6.x 6.5.x	Total length of 'raw' headers in the request
x-cs-socks-ip	7.x 6.7.x 6.6.x 6.5.x	Destination IP address of a proxied SOCKS request
x-cs-socks-port	7.x 6.7.x 6.6.x 6.5.x	Destination port of a proxied SOCKS request
x-cs-socks-method	7.x 6.7.x 6.6.x 6.5.x	Method of a proxied SOCKS request
x-cs-socks-version	7.x 6.7.x 6.6.x 6.5.x	Version of a proxied SOCKS request.
x-cs-socks-compression	7.x 6.7.x 6.6.x 6.5.x	Used compression in SOCKS client side connection.
x-http-noncacheable-reason	7.x 6.7.x 6.6.x 6.5.x	The reason(s) the HTTP response was not cached.
x-rs-http-version	7.x 6.7.x 6.6.x 6.5.x	HTTP protocol version of response from the upstream host. Does not include protocol qualifier (for example, logs "1.1", not "HTTP/1.1") . In version 6.8, this logs "2" for HTTP/2.
x-sc-http-status	7.x 6.7.x 6.6.x 6.5.x	HTTP response code sent from appliance to client
x-sc-http-version	7.x 6.7.x 6.6.x 6.5.x	HTTP protocol version of response to client. Does not include protocol qualifier (for example, logs "1.1", not "HTTP/1.1") . In version 6.8, this logs "2" for HTTP/2.
x-sr-http-version	7.x 6.7.x 6.6.x 6.5.x	HTTP protocol version of request to the upstream host. Does not include protocol qualifier (for example, logs "1.1", not "HTTP/1.1") . In version 6.8, this logs "2" for HTTP/2.
x-sr-socks-compression	7.x 6.7.x 6.6.x 6.5.x	Used compression in SOCKS server side connection.

Request/Response Status
cs-categories	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL
cs-categories-bluecoat	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by Symantec Corp. WebFilter.
cs-categories-external	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by an external service.
cs-categories-local	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by a Local database.
cs-categories-policy	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by CPL.
cs-categories-provider	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by the current third-party provider.
cs-categories-qualified	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL, qualified by the provider of the category.
cs-category	7.x 6.7.x 6.6.x 6.5.x	Single content category of the request URL (sc-filter-category )
cs-icap-error-details	7.x 6.7.x 6.6.x	REQMOD ICAP error details
cs-icap-error-code	7.x 6.7.x 6.6.x	REQMOD ICAP error code
cs-icap-status	7.x 6.7.x 6.6.x	ICAP REQMOD status
cs-threat-risk	7.x 6.7.x 6.6.x	Threat risk level of the request URL.
cs-uri-categories	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL
cs-uri-categories-bluecoat	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by Symantec Corp. WebFilter.
cs-uri-categories-external	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by an external service.
cs-uri-categories-local	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by a Local database.
cs-uri-categories-policy	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by CPL.
cs-uri-categories-provider	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL that are defined by the current third-party provider.
cs-uri-categories-qualified	7.x 6.7.x 6.6.x 6.5.x	All content categories of the request URL, qualified by the provider of the category.
cs-uri-category	7.x 6.7.x 6.6.x 6.5.x	Single content category of the request URL (sc-filter-category )
rs-icap-error-details	7.x 6.7.x 6.6.x	RESPMOD ICAP error details
rs-icap-error-code	7.x 6.7.x 6.6.x	RESPMOD ICAP error code
rs-icap-status	6.7.x 6.6.x	ICAP RESPMOD status
s-action	7.x 6.7.x 6.6.x 6.5.x	Type of action the appliance took to process this request; possible values include ALLOWED, DENIED, FAILED, SERVER_ERROR
s-cpu-util	7.x 6.7.x 6.6.x 6.5.x	Average load on the proxy's processor (0%-100%)
s-icap-info	7.x 6.7.x 6.6.x 6.5.x	ICAP response information
s-icap-status	6.5.x	Deprecated ICAP response status
sc-filter-category	7.x 6.7.x 6.6.x 6.5.x	Content filtering category of the request URL
sc-filter-result	7.x 6.7.x 6.6.x 6.5.x	Deprecated content filtering result: Denied, Proxied or Observed
sr-threat-risk	7.x 6.7.x 6.6.x	Threat risk level of the server URL
x-bluecoat-access-security-policy-action	7.x
x-bluecoat-access-security-policy-reason	7.x
x-bluecoat-application-groups	7.x 6.7.2.1	Reports the application group or groups
x-bluecoat-application-name	7.x 6.7.x 6.6.x 6.5.x	Reports the application name
x-bluecoat-application-operation	7.x 6.7.x 6.6.x 6.5.x	Reports the operation of an application
x-bluecoat-location-name	7.x 6.7.x 6.6.x 6.5.x	Cloud service location name of the ProxySG
x-bluecoat-release-id	7.x 6.7.x 6.6.x 6.5.x	The SGOS release ID
x-bluecoat-release-version	7.x 6.7.x 6.6.x 6.5.x	The SGOS release version of the ProxySG operating system
x-cloud-rs	7.x 6.7.x 6.6.x	Summary of RS server processing in the form (<rs-ratings>:<rating-source>:<rating-label>).
x-cs-application-groups	7.x 6.7.x	Application groups of the request
x-cs-application-name	7.x 6.7.x 6.6.x	WebPulse application name classification of the request
x-cs-application-operation	7.x 6.7.x 6.6.x	WebPulse application operation classification of the request
x-cs(Origin)-uri-categories	7.x	All content categories of the Origin header URL
x-cs(Origin)-uri-categories-bluecoat	7.x	All content categories of the Origin header URL that are defined by Symantec WebFilter
x-cs(Origin)-uri-categories-local	7.x	All content categories of the Origin header URL that are defined by a Local database
x-cs(Origin)-uri-categories-policy	7.x	All content categories of the Origin header URL that are defined by CPL
x-cs(Origin)-uri-categories-provider	7.x	All content categories of the Origin header URL that are defined by the current third-party provider
x-cs(Origin)-uri-categories-qualified	7.x	All content categories of the Origin header URL, qualified by the provider of the category
x-cs(Origin)-uri-category	7.x	Single content category of the Origin header URL (same as sc-filter-category )
x-cs(Origin)-uri-threat-risk	7.x	Threat risk level of the Origin header URL
x-cs(Referer)-uri-categories	7.x 6.7.x 6.6.x 6.5.x	All content categories of the Referer header URL
x-cs(Referer)-uri-categories-bluecoat	7.x 6.7.x 6.6.x 6.5.x	All content categories of the Referer header URL that are defined by Symantec Corp. WebFilter.
x-cs(Referer)-uri-categories-local	7.x 6.7.x 6.6.x 6.5.x	All content categories of the Referer header URL that are defined by a Local database.
x-cs(Referer)-uri-categories-policy	7.x 6.7.x 6.6.x 6.5.x	All content categories of the Referer header URL that are defined by CPL.
x-cs(Referer)-uri-categories-provider	7.x 6.7.x 6.6.x 6.5.x	All content categories of the Referer header URL that are defined by the current third-party provider.
x-cs(Referer)-uri-categories-qualified	7.x 6.7.x 6.6.x 6.5.x	All content categories of the Referer header URL, qualified by the provider of the category.
x-cs(Referer)-uri-category	7.x 6.7.x 6.6.x 6.5.x	Single content category of the Referer header URL (sc-filter-category )
x-cs(Referer)-uri-threat-risk	7.x 6.7.x 6.6.x 6.5.x	Threat risk level of the Referer header URL.
x-data-leak-detected	7.x 6.7.x 6.6.5.2	Whether a data leak has occurred, according to the ICAP response.
x-exception-category	7.x 6.7.x 6.6.x 6.5.x	Defines the content category that caused the triggering of the exception
x-exception-category-review-message	7.x 6.7.x 6.6.x 6.5.x	Exception page message that includes a link allowing content categorization to be reviewed and/or disputed.
x-exception-category-review-url	7.x 6.7.x 6.6.x 6.5.x	URL where content categorizations can be reviewed and/or disputed.
x-exception-company-name	7.x 6.7.x 6.6.x 6.5.x	The company name configured under exceptions
x-exception-contact	7.x 6.7.x 6.6.x 6.5.x	Describes who to contact when certain classes of exceptions occur, configured under exceptions (empty if the transaction has not been terminated)
x-exception-details	7.x 6.7.x 6.6.x 6.5.x	The configurable details of a selected policy-aware response page (empty if the transaction has not been terminated)
x-exception-header	7.x 6.7.x 6.6.x 6.5.x	The header to be associated with an exception response (empty if the transaction has not been terminated)
x-exception-help	7.x 6.7.x 6.6.x 6.5.x	Help text that accompanies the exception resolved (empty if the transaction has not been terminated)
x-exception-id	7.x 6.7.x 6.6.x 6.5.x	Identifier of the exception resolved (empty if the transaction has not been terminated)
x-exception-last-error	7.x 6.7.x 6.6.x 6.5.x	The last error recorded for the current transaction. This can provide insight when unexpected problems are occurring (empty if the transaction has not been terminated)
x-exception-reason	7.x 6.7.x 6.6.x 6.5.x	Indicates the reason why a particular request was terminated (empty if the transaction has not been terminated)
x-exception-sourcefile	7.x 6.7.x 6.6.x 6.5.x	Source filename from which the exception was generated (empty if the transaction has not been terminated)
x-exception-sourceline	7.x 6.7.x 6.6.x 6.5.x	Source file line number from which the exception was generated (empty if the transaction has not been terminated)
x-exception-summary	7.x 6.7.x 6.6.x 6.5.x	Summary of the exception resolved (empty if the transaction has not been terminated)
x-icap-error-code	7.x 6.7.x 6.6.x 6.5.x	ICAP error code
x-icap-error-details	7.x 6.7.x 6.6.x 6.5.x	Deprecated ICAP error details
x-icap-reqmod-header(<header_name>)	7.x 6.7.x 6.6.4.1 6.5.9.2	Content Analysis header values for ICAP REQMOD.
x-icap-respmod-header(<header_name>)	7.x 6.7.x 6.6.4.1 6.5.9.2	Content Analysis header values for ICAP RESPMOD.
x-patience-javascript	7.x 6.7.x 6.6.x 6.5.x	Javascript required to allow patience responses
x-patience-progress	7.x 6.7.x 6.6.x 6.5.x	The progress of the patience request
x-patience-time	7.x 6.7.x 6.6.x 6.5.x	The elapsed time of the patience request
x-patience-url	7.x 6.7.x 6.6.x 6.5.x	The url to be requested for more patience information
x-virus-details	7.x 6.7.x 6.6.x 6.5.x	Details of a virus if one was detected
x-virus-id	7.x 6.7.x 6.6.x 6.5.x	Identifier of a virus if one was detected

SSL
x-cs-certificate-common-name	7.x 6.7.x 6.6.x 6.5.x	Common name in the client certificate
x-cs-certificate-issuer	7.x 6.7.x 6.6.x 6.5.x	Issuer of the certificate presented by the client
x-cs-certificate-pubkey-algorithm	7.x 6.7.x 6.6.x 6.5.x	Public key algorithm in the certificate presented by the client
x-cs-certificate-serial-number	7.x 6.7.x 6.6.x 6.5.x	Serial number of the certificate presented by the client
x-cs-certificate-signature-algorithm	7.x 6.7.x 6.6.x 6.5.x	Signature algorithm in the certificate presented by the client
x-cs-certificate-subject	7.x 6.7.x 6.6.x 6.5.x	Subject of the certificate presented by the client
x-cs-certificate-valid-from	7.x 6.7.x 6.6.x 6.5.x	Date from which the certificate presented by the client is valid
x-cs-certificate-valid-to	7.x 6.7.x 6.6.x 6.5.x	Date until which the certificate presented by the client is valid
x-cs-certificate-version	7.x 6.7.x 6.6.x 6.5.x	Version of the certificate presented by the client
x-cs-ocsp-error	7.x 6.7.x 6.6.x 6.5.x	Errors observed during OCSP check of client certificate
x-cs-server-certificate-key-size	7.x 6.7.4.x 6.6.5.14 6.5.10.7	Certificate type and size in bytes of server certificate key used by client-side connection, such as "RSA[2048]". This field includes an incorrect value in cases where the session is resumed.
x-cs-session-id	7.x 6.7.4.x 6.6.5.14 6.5.10.7	The SSL session ID on the client side returned or resumed by the appliance for the current SSL session.
x-rs-certificate-hostname	7.x 6.7.x 6.6.x 6.5.x	Hostname from the server's SSL certificate
x-rs-certificate-hostname-categories	7.x 6.7.x 6.6.x 6.5.x	All content categories of the server's SSL certificate's hostname
x-rs-certificate-hostname-categories-bluecoat	7.x 6.7.x 6.6.x 6.5.x	All content categories of the server's SSL certificate's hostname that are defined by Symantec Corp. Web Filter.
x-rs-certificate-hostname-categories-local	7.x 6.7.x 6.6.x 6.5.x	All content categories of the server's SSL certificate's hostname that are defined by a Local database.
x-rs-certificate-hostname-categories-policy	7.x 6.7.x 6.6.x 6.5.x	All content categories of the server's SSL certificate's hostname that are defined by CPL.
x-rs-certificate-hostname-categories-provider	7.x 6.7.x 6.6.x 6.5.x	All content categories of the server's SSL certificate's hostname that are defined by the current third-party provider.
x-rs-certificate-hostname-categories-qualified	7.x 6.7.x 6.6.x 6.5.x	All content categories of the server's SSL certificate's hostname, qualified by the provider of the category.
x-rs-certificate-hostname-category	7.x 6.7.x 6.6.x 6.5.x	Single content category of the server's SSL certificate's hostname
x-rs-certificate-hostname-threat-risk	7.x 6.7.x 6.6.x	Threat risk level of the server's SSL certificate's hostname.
x-rs-certificate-issuer	7.x 6.7.x 6.6.x 6.5.x	Issuer of the certificate presented by the server
x-rs-certificate-observed-errors	7.x 6.7.x 6.6.x 6.5.x	Errors observed in the server certificate
x-rs-certificate-pubkey-algorithm	7.x 6.7.x 6.6.x 6.5.x	Public key algorithm in the certificate presented by the server
x-rs-certificate-serial-number	7.x 6.7.x 6.6.x 6.5.x	Serial number of the certificate presented by the server
x-rs-certificate-signature-algorithm	7.x 6.7.x 6.6.x 6.5.x	Signature algorithm in the certificate presented by the server
x-rs-certificate-valid-from	7.x 6.7.x 6.6.x 6.5.x	Date from which the certificate presented by the server is valid
x-rs-certificate-valid-to	7.x 6.7.x 6.6.x 6.5.x	Date until which the certificate presented by the server is valid
x-rs-certificate-validate-status	7.x 6.7.x 6.6.x 6.5.x	Result of validating server SSL certificate
x-rs-certificate-version	7.x 6.7.x 6.6.x 6.5.x	Version of the certificate presented by the server
x-rs-certificate-subject	7.x 6.7.x 6.6.x 6.5.x	Subject of the certificate presented by the server
x-rs-connection-client-certificate-requested	7.x 6.7.x 6.6.x 6.5.x	Logs "1" if the server requested a client certificate; otherwise, logs "0".
x-rs-ocsp-error	7.x 6.7.x 6.6.x 6.5.x	Errors observed during OCSP check of server certificate
x-rs-server-certificate-key-size	7.x 6.7.4.x 6.6.5.14 6.5.10.7	Certificate type and size in bytes of server certificate key used by server-side connection, such as "RSA[2048]"
x-rs-session-id	7.x 6.7.4.x 6.6.5.14 6.5.10.7	The SSL session ID returned or resumed by the server for the current SSL session.
x-sr-connection-client-keyring	7.x 6.7.x 6.6.x 6.5.x	Client keyring selected for client certificate.

Time (absolute)
date	7.x 6.7.x 6.6.x 6.5.x	GMT date in YYYY-MM-DD format
gmttime	7.x 6.7.x 6.6.x 6.5.x	GMT date and time of the user request in format: [DD/MM/YYYY:hh:mm:ss GMT]
localtime	7.x 6.7.x 6.6.x 6.5.x	Local date and time of the user request in format: [DD/MMM/YYYY:hh:mm:ss +nnnn]
time	7.x 6.7.x 6.6.x 6.5.x	GMT time in HH:MM:SS format
timestamp	7.x 6.7.x 6.6.x 6.5.x	Unix type timestamp
x-bluecoat-authentication-start-time	7.x 6.7.4.2	Authentication start time offset (ms) from the start of the transaction
x-bluecoat-authentication-time	7.x 6.7.4.2	Time (ms) required to authenticate the user
x-bluecoat-authorization-start-time	7.x 6.7.4.2	Authorization start time offset (ms) from the start of the transaction
x-bluecoat-authorization-time	7.x 6.7.4.2	Time (ms) required to authorize the user
x-bluecoat-ch-start-time	7.x 6.7.4.2	CH evaluation start time offset (ms) from the start of the transaction
x-bluecoat-ci-start-time	7.x 6.7.4.2	CI evaluation start time offset (ms) from the start of the transaction
x-bluecoat-co-start-time	7.x 6.7.4.2	CO evaluation start time offset (ms) from the start of the transaction
x-bluecoat-day	7.x 6.7.x 6.6.x 6.5.x	Localtime day (as a number) formatted to take up two spaces (e.g. 07 for the 7th of the month)
x-bluecoat-day-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC day, formatted as a two-digit number (for example, 07 for the 7th day of the month)
x-bluecoat-hour	7.x 6.7.x 6.6.x 6.5.x	Localtime hour formatted to always take up two spaces (e.g. 01 for 1AM)
x-bluecoat-hour-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC hour in 24-hour notation, formatted as a two-digit number (for example, 01 for AM and 13 for 1 PM)
x-bluecoat-icap-reqmod-delay-time	7.x 6.7.4.2	Time taken (in milliseconds) to connect to ICAP reqmod service
x-bluecoat-icap-reqmod-service-time	7.x 6.7.4.2	Time taken (in milliseconds) for ICAP reqmod service once connected
x-bluecoat-minute	7.x 6.7.x 6.6.x 6.5.x	Localtime minute formatted to always take up two spaces (e.g. 01 for 1 minute past)
x-bluecoat-minute-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC minute, formatted as a two-digit number (for example, 01 for 1 minute past the hour)
x-bluecoat-month	7.x 6.7.x 6.6.x 6.5.x	Localtime month (as a number) formatted to take up two spaces (e.g. 01 for January)
x-bluecoat-month-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC month, formatted as a two-digit number (for example, 01 for January and 10 for October)
x-bluecoat-monthname	7.x 6.7.x 6.6.x 6.5.x	Localtime month in the short-form string representation (e.g. Jan for January)
x-bluecoat-monthname-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC month as abbreviated string (for example, Jan for January)
x-bluecoat-nc-start-time	7.x 6.7.4.2	NC evaluation start time offset (ms) from the start of the transaction
x-bluecoat-second	7.x 6.7.x 6.6.x 6.5.x	Localtime second formatted to always take up two spaces (e.g. 01 for 1 second past)
x-bluecoat-second-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC second formatted to always take up two spaces (e.g. 01 for 1 second past)
x-bluecoat-si-start-time	7.x 6.7.4.2	SI evaluation start time offset (ms) from the start of the transaction
x-bluecoat-so-start-time	7.x 6.7.4.2	SO evaluation start time offset (ms) from the start of the transaction
x-bluecoat-weekday	7.x 6.7.x 6.6.x 6.5.x	Localtime weekday in the short-form string representation (e.g. Mon for Monday)
x-bluecoat-weekday-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC weekday in the short-form string representation (e.g. Mon for Monday)
x-bluecoat-year	7.x 6.7.x 6.6.x 6.5.x	Localtime year formatted to always take up four spaces
x-bluecoat-year-utc	7.x 6.7.x 6.6.x 6.5.x	GMT/UTC year formatted to always take up four spaces
x-cookie-date	7.x 6.7.x 6.6.x 6.5.x	Current date in Cookie time format
x-http-date	7.x 6.7.x 6.6.x 6.5.x	Current date in HTTP time format
x-timestamp-unix	7.x 6.7.x 6.6.x 6.5.x	Seconds since UNIX epoch (Jan 1, 1970) (local time)
x-timestamp-unix-utc	7.x 6.7.x 6.6.x 6.5.x	Seconds since UNIX epoch (Jan 1, 1970) (GMT/UTC)

Time (transaction)
connect-time	7.x 6.7.x 6.6.x 6.5.x	Total ms required to connect to the OCS
cs-categorization-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to categorize the request URL.
cs-categorization-time-dynamic	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to dynamically categorize the request URL
cs-categorization-time-static	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to statically categorize the request URL
cs-request-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) between NC and CI checkpoints
dnslookup-time	7.x 6.7.x 6.6.x 6.5.x	Total ms cache required to perform the DNS lookup
duration	7.x 6.7.x 6.6.x 6.5.x	Time taken, in seconds, to process the request
rs-download-time-taken	7.x 6.7.x 6.6.x 6.5.x	Total time taken (in milliseconds) to receive the complete response from the origin content server
rs-service-latency	7.x 6.7.x 6.6.x 6.5.x	Total ms required to connect and receive first response byte from the origin server
rs-service-time-taken	7.x 6.7.x 6.6.x 6.5.x	Total time taken (in milliseconds) to receive the first response byte from the origin content server.
rs-time-taken	7.x 6.7.x 6.6.x 6.5.x	Total time taken (in milliseconds) to send the request and receive the response from the origin server
sc-time-taken	7.x 6.7.x 6.6.x 6.5.x	Total time taken (in milliseconds) to return the response to the client
time-taken	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to process the request (from the first byte of client request data received by the proxy, to the last byte sent by the proxy to the client, including all of the delays by ICAP, and so on).
x-bluecoat-ch-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluation policy at CH
x-bluecoat-ci-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluation policy at CI
x-bluecoat-co-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluation policy at CO
x-bluecoat-cot-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluation policy at COT
x-bluecoat-end-time-mssql	7.x 6.7.x 6.6.x 6.5.x	End local time of the transaction represented as a serial date time
x-bluecoat-end-time-wft	7.x 6.7.x 6.6.x 6.5.x	End local time of the transaction represented as a windows file time
x-bluecoat-icap-respmod-delay-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to connect to ICAP respmod service
x-bluecoat-icap-respmod-service-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) for ICAP respmod service once connected
x-bluecoat-nc-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluation policy at NC
x-bluecoat-request-latency	7.x 6.7.x 6.6.x 6.5.x	Time from CI start to server connection start
x-bluecoat-response-first-byte-latency	7.x 6.7.x 6.6.x 6.5.x	Time from first response byte received from server to first response byte sent to client
x-bluecoat-response-last-byte-latency	7.x 6.7.x 6.6.x 6.5.x	Time from last response byte received from server to last response byte sent to client
x-bluecoat-si-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluate policy at SI
x-bluecoat-so-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Time taken (in milliseconds) to evaluate policy at SO
x-bluecoat-start-time-mssql	7.x 6.7.x 6.6.x 6.5.x	Start local time of the transaction represented as a serial date time
x-bluecoat-start-time-wft	7.x 6.7.x 6.6.x 6.5.x	Start local time of the transaction represented as a windows file time
x-bluecoat-total-policy-evaluation-time	7.x 6.7.x 6.6.x 6.5.x	Total time spent evaluating policy for this transaction
x-bluecoat-total-time-added	7.x 6.7.x 6.6.x 6.5.x	Total of request latency and response latency to last byte

URL
c-uri	7.x 6.7.x 6.6.x 6.5.x	The original URL requested.
c-uri-address	7.x 6.7.x 6.6.x 6.5.x	IP address from the original URL requested. DNS is used if the URL is expressed as a hostname.
c-uri-cookie-domain	7.x 6.7.x 6.6.x 6.5.x	The cookie domain of the original URL requested
c-uri-extension	7.x 6.7.x 6.6.x 6.5.x	Document extension from the original URL requested
c-uri-host	7.x 6.7.x 6.6.x 6.5.x	Hostname from the original URL requested
c-uri-hostname	7.x 6.7.x 6.6.x 6.5.x	Hostname from the original URL requested. RDNS is used if the URL is expressed as an IP address
c-uri-path	7.x 6.7.x 6.6.x 6.5.x	Path of the original URL requested without query.
c-uri-pathquery	7.x 6.7.x 6.6.x 6.5.x	Path and query of the original URL requested
c-uri-port	7.x 6.7.x 6.6.x 6.5.x	Port from the original URL requested
c-uri-query	7.x 6.7.x 6.6.x 6.5.x	Query from the original URL requested
c-uri-scheme	7.x 6.7.x 6.6.x 6.5.x	Scheme of the original URL requested
c-uri-stem	7.x 6.7.x 6.6.x 6.5.x	Stem of the original URL requested
cs-host	7.x 6.7.x 6.6.x	Hostname from the client's request URL. If URL rewrite policies are used, this field's value is derived from the 'log' URL
cs-uri	7.x 6.7.x 6.6.x 6.5.x	The 'log' URL.
cs-uri-address	7.x 6.7.x 6.6.x 6.5.x	IP address from the 'log' URL. DNS is used if URL uses a hostname.
cs-uri-extension	7.x 6.7.x 6.6.x 6.5.x	Document extension from the 'log' URL.
cs-uri-host	7.x 6.7.x 6.6.x 6.5.x	Hostname from the 'log' URL.
cs-uri-hostname	7.x 6.7.x 6.6.x 6.5.x	Hostname from the 'log' URL. RDNS is used if the URL uses an IP address.
cs-uri-path	7.x 6.7.x 6.6.x 6.5.x	Path from the 'log' URL. Does not include query.
cs-uri-pathquery	7.x 6.7.x 6.6.x 6.5.x	Path and query from the 'log' URL.
cs-uri-port	7.x 6.7.x 6.6.x 6.5.x	Port from the 'log' URL.
cs-uri-query	7.x 6.7.x 6.6.x 6.5.x	Query from the 'log' URL.
cs-uri-scheme	7.x 6.7.x 6.6.x 6.5.x	Scheme from the 'log' URL.
cs-uri-stem	7.x 6.7.x 6.6.x 6.5.x	Stem from the 'log' URL. The stem includes everything up to the end of path, but does not include the query.
s-uri	7.x 6.7.x 6.6.x 6.5.x	The URL used for cache access
s-uri-address	7.x 6.7.x 6.6.x 6.5.x	IP address from the URL used for cache access. DNS is used if the URL is expressed as a hostname
s-uri-extension	7.x 6.7.x 6.6.x 6.5.x	Document extension from the URL used for cache access
s-uri-host	7.x 6.7.x 6.6.x 6.5.x	Hostname from the URL used for cache access
s-uri-hostname	7.x 6.7.x 6.6.x 6.5.x	Hostname from the URL used for cache access. RDNS is used if the URL uses an IP address
s-uri-path	7.x 6.7.x 6.6.x 6.5.x	Path of the URL used for cache access
s-uri-pathquery	7.x 6.7.x 6.6.x 6.5.x	Path and query of the URL used for cache access
s-uri-port	7.x 6.7.x 6.6.x 6.5.x	Port from the URL used for cache access
s-uri-query	7.x 6.7.x 6.6.x 6.5.x	Query string of the URL used for cache access
s-uri-scheme	7.x 6.7.x 6.6.x 6.5.x	Scheme from the URL used for cache access
s-uri-stem	7.x 6.7.x 6.6.x 6.5.x	Stem of the URL used for cache access
sr-uri	7.x 6.7.x 6.6.x 6.5.x	URL of the upstream request
sr-uri-address	7.x 6.7.x 6.6.x 6.5.x	IP address from the URL used in the upstream request. DNS is used if the URL is expressed as a hostname.
sr-uri-extension	7.x 6.7.x 6.6.x 6.5.x	Document extension from the URL used in the upstream request
sr-uri-host	7.x 6.7.x 6.6.x 6.5.x	Hostname from the URL used in the upstream request
sr-uri-hostname	7.x 6.7.x 6.6.x 6.5.x	Hostname from the URL used in the upstream request. RDNS is used if the URL is expressed as an IP address.
sr-uri-path	7.x 6.7.x 6.6.x 6.5.x	Path from the upstream request URL
sr-uri-pathquery	7.x 6.7.x 6.6.x 6.5.x	Path and query from the upstream request URL
sr-uri-port	7.x 6.7.x 6.6.x 6.5.x	Port from the URL used in the upstream request.
sr-uri-query	7.x 6.7.x 6.6.x 6.5.x	Query from the upstream request URL
sr-uri-scheme	7.x 6.7.x 6.6.x 6.5.x	Scheme from the URL used in the upstream request
sr-uri-stem	7.x 6.7.x 6.6.x 6.5.x	Path from the upstream request URL
x-bluecoat-fsh-hash	7.x 6.7.x 6.6.x	The FSH signature
x-bluecoat-fsh-uri	7.x 6.7.x 6.6.x	The FSH URL
x-cs(Referer)-uri-stem	7.x 6.7.x 6.6.x	Stem from the 'Referer' URL. The stem includes everything up to the end of path, but does not include the query.
x-cs-raw-uri	7.x 6.7.x 6.6.x	The 'raw' request URL.
x-cs-raw-uri-host	7.x 6.7.x 6.6.x	Hostname from the 'raw' URL.
x-cs-raw-uri-port	7.x 6.7.x 6.6.x	Port string from the 'raw' URL.
x-cs-raw-uri-scheme	7.x 6.7.x 6.6.x	Scheme string from the 'raw' URL.
x-cs-raw-uri-path	7.x 6.7.x 6.6.x	Path from the 'raw' request URL. Does not include query.
x-cs-raw-uri-pathquery	7.x 6.7.x 6.6.x	Path and query from the 'raw' request URL.
x-cs-raw-uri-query	7.x 6.7.x 6.6.x	Query from the 'raw' request URL.
x-cs-raw-uri-stem	7.x 6.7.x 6.6.x	Stem from the 'raw' request URL. The stem includes everything up to the end of path, but does not include the query.
x-cs(Referer)-uri	7.x 6.7.x 6.6.x	The URL from the Referer header.
x-cs(Referer)-uri-address	7.x 6.7.x 6.6.x	IP address from the 'Referer' URL. DNS is used if URL uses a hostname.
x-cs(Referer)-uri-extension	7.x 6.7.x 6.6.x	Document extension from the 'Referer' URL.
x-cs(Referer)-uri-host	7.x 6.7.x 6.6.x	Hostname from the 'Referer' URL.
x-cs(Referer)-uri-hostname	7.x 6.7.x 6.6.x	Hostname from the 'Referer' URL. RDNS is used if the URL uses an IP address.
x-cs(Referer)-uri-path	7.x 6.7.x 6.6.x	Path from the 'Referer' URL. Does not include query.
x-cs(Referer)-uri-pathquery	7.x 6.7.x 6.6.x	Path and query from the 'Referer' URL.
x-cs(Referer)-uri-port	7.x 6.7.x 6.6.x	Port from the 'Referer' URL.
x-cs(Referer)-uri-query	7.x 6.7.x 6.6.x	Query from the 'Referer' URL.
x-cs(Referer)-uri-scheme	7.x 6.7.x 6.6.x	Scheme from the 'Referer' URL.

User Authentication
cs-auth-group	7.x 6.7.x 6.6.x	One group that an authenticated user belongs to. If a user belongs to multiple groups, the group logged is determined by the Group Log Order configuration specified in VPM. If Group Log Order is not specified, an arbitrary group is logged. Note that only groups referenced by policy are considered.
cs-auth-groups	7.x 6.7.x 6.6.x	List of groups that an authenticated user belongs to. Note that only groups referenced by policy are included.
cs-auth-type	7.x 6.7.x 6.6.x	Provides the authentication credential types offered to the client by the appliance—Basic, Kerberos, NTLM. (This log field does not report the credential type that the client ultimately used.) These methods are logged as follows: Certificate: Basic + NTLM + Kerberos NTLM: NTLM only Digest: NTLM + Kerberos
cs-realm	7.x 6.7.x 6.6.x	Authentication realm that the user was challenged in.
cs-user	7.x 6.7.x 6.6.x	Qualified username for NTLM. Relative username for other protocols
cs-userdn	7.x 6.7.x 6.6.x	Full username of a client authenticated to the proxy (fully distinguished)
cs-username	7.x 6.7.x 6.6.x	Relative username of a client authenticated to the proxy (i.e. not fully distinguished)
sc-auth-status	7.x 6.7.x 6.6.x	Client-side: Authorization status
x-agent-sso-cookie	7.x 6.7.x 6.6.x	The authentication agent single sign-on cookie
x-auth-challenge-string	7.x 6.7.x 6.6.x	The authentication challenge to display to the user.
x-auth-credential-type	6.7.x 6.6.x 6.5.x	Logs the method actually used for authentication (Basic, Kerberos, NTLM, and SAML when supported).
x-auth-private-challenge-state	7.x 6.7.x 6.6.x	The private state required to manage an authentication challenge
x-auth-server-name	7.x 6.7.x 6.6.x 6.5.5.1	Set during NTLM authentication over schannel. The DNS name of the domain controller that the schannel is connected.
x-cache-user	7.x 6.7.x 6.6.x	Relative username of a client authenticated to the proxy (i.e. not fully distinguished) (same as cs-username)
x-cs-auth-domain	7.x 6.7.x 6.6.x	The domain of the authenticated user.
x-cs-auth-form-action-url	7.x 6.7.x 6.6.x	The URL to submit the authentication form to.
x-cs-auth-form-domain-field	7.x 6.7.x 6.6.x	The authentication form input field for the user's domain.
x-cs-auth-form-empty-domain-field	7.x 6.7.x 6.6.x	The empty authentication form input field for the user’s domain.
x-cs-auth-request-id	7.x 6.7.x 6.6.x	The base64 encoded string containing the original request information during forms based authentication
x-cs-saml-endpoint	7.x 6.7.x 6.6.x	The endpoint to which a SAML authentication request is being sent.
x-cs-client-address-login-count	7.x 6.7.x 6.6.x	The number of users currently logged in at the client ip address.
x-cs-saml-message-type	7.x 6.7.x 6.6.x	The type of SAML message being transmitted: either SAMLRequest or SAMLResponse
x-cs-saml-postdata	7.x 6.7.x 6.6.x	SAML POST data that should be provided to an external SAML SP or IDP
x-cs-saml-relaystate	7.x 6.7.x 6.6.x	The SAML RelayState for a SAML authentication request
x-cs-user-authorization-name	7.x 6.7.x 6.6.x	Username used to authorize a client authenticated to the proxy
x-cs-user-credential-name	7.x 6.7.x 6.6.x	Username entered by the user to authenticate to the proxy.
x-cs-user-email-address	7.x 6.7.2.1	Email address of an authenticated user. Currently supported for IWA Direct and SAML realms. For unsupported authentication realms, the field returns an empty string.
x-cs-user-login-address	7.x 6.7.x 6.6.x	The IP address that the user was authenticated in.
x-cs-user-login-count	7.x 6.7.x 6.6.x	The number of workstations the user is currently logged in at.
x-cs-user-login-time	7.x 6.7.x 6.6.x	The number of seconds the user had been logged in.
x-cs-user-type	7.x 6.7.x 6.6.x	The type of authenticated user.
x-cs-username-or-ip	7.x 6.7.x 6.6.x	Used to identify the user using either their authenticated proxy username or, if that is unavailable, their IP address.
x-cs-validator-challenge	7.x 6.7.x 6.6.x	The validator challenge data to be displayed
x-cs-validator-challenge-id	7.x 6.7.x 6.6.x	A unique string that identifies the validator challenge
x-cs-validator-form-action-url	7.x 6.7.x 6.6.x	The URL to submit the validation form to
x-lfa-iterator	7.x 6.7.x 6.6.x	The current value being iterated over in the iterate() action.
x-radius-splash-session-id	7.x 6.7.x 6.6.x	Session ID made available through RADIUS when configured for session management
x-radius-splash-username	7.x 6.7.x 6.6.x	Username made available through RADIUS when configured for session management
x-sc-authentication-error	7.x 6.7.x 6.6.x	The user authentication error.
x-sc-authorization-error	7.x 6.7.x 6.6.x	The user authorization error.
x-server-auth-time	7.x 6.7.x 6.6.x 6.5.5.1	Set during NTLM authentication over schannel. The time in milliseconds that it took to perform the authentication.
x-user-x509-issuer	7.x 6.7.x 6.6.x	If the user was authenticated via an X.509 certificate, this is the issuer of the certificate as an RFC2253 DN
x-user-x509-serial-number	7.x 6.7.x 6.6.x	If the user was authenticated via an X.509 certificate, this is the serial number from the certificate as a hexadecimal number.
x-user-x509-subject	7.x 6.7.x 6.6.x	If the user was authenticated via an X.509 certificate, this is the subject of the certificate as an RFC2253 DN

WAF
x-bluecoat-client-address-reputation	7.x	Reputation of the client IP address.
x-bluecoat-client-effective-address-reputation	7.x	Reputation of the effective client IP address.
x-bluecoat-waf-block-details	7.x 6.7.x 6.6.x	Details about the blocked/ monitored request, displayed in JSON format consisting of an array of CSV objects: [{object-1},{object-2},…,{object-N}] Each {object} is a CSV list of "key":"value" pairs: {"key1":"value1","key2":"value2",…,"keyN":"valueN"} Starting in 6.7.x, these fields include the version of the command injection engine used for the detection: version 2 - Indicates the legacy version used in versions prior to 6.6.5.1. This version targets chained command sequences, and requires command-separation characters to be present in the payload to be effective. version 3 - Indicates the current default version. The command injection engine detects a wider set of attacks, including non-chained command injection payloads. Symantec recommends that you use this version. Starting in 7.x, these fields show details about constraint violations (defined by define constraint_set) including the request part, the line in the define constraint_set policy, and matched data.
x-bluecoat-waf-monitor-details	7.x 6.7.x 6.6.x
x-bluecoat-waf-attack-family	7.x 6.7.x 6.6.x	Natural language description of the detected attack family. Starting in 7.x, this field displays "Constraint Violation" when a constraint violation, defined by define constraint_set, occurs.
x-bluecoat-waf-scan-info	7.x 6.7.x	If policy includes the http.request.detection.bypass_cache_hit(yes) property, the x-bluecoat-waf-scan-info field in the bcreporterwarp_v1 access log format indicates if WAF processing is intentionally skipped due to cache hit optimization being bypassed. If WAF engines scan a transaction, the field reports WAF_SCANNED. If WAF evaluation does not occur due to the presence of http.request.detection.bypass_cache_hit(yes) property or the absence of WAF policy, the field reports WAF_SCAN_BYPASSED. If no WAF policy is present, the field reports WAF_DISABLED.
x-risk-category	6.5.5.7	A comma-separated list of risk categories detected by http.request.detection scan settings. Deprecated in 6.6.x and later.
x-risk-score	7.x 6.7.x 6.6.x 6.5.5.7	Total risk score calculated during the WAF scanning process for a given HTTP request Note: When used in policy, this substitution must be used in conjunction with the conditional trigger risk_score=n
x-rule-id	7.x 6.7.x 6.6.x	Rule ID used during reverse proxying
x-server-application-group	7.x 6.7.x 6.6.x	Server application group used during reverse proxying
x-server-application-group-id	7.x 6.7.x 6.6.x	Server application group ID used during reverse proxying
x-server-application-id	7.x 6.7.x 6.6.x	Server application ID used during reverse proxying
x-server-application-name	7.x 6.7.x 6.6.x	Server application name used during reverse proxying

CIFS
x-cifs-bytes-written	7.x 6.7.x 6.6.x 6.5.x	Total number of bytes written to the associated resource.
x-cifs-client-bytes-read	7.x 6.7.x 6.6.x 6.5.x	Total number of bytes read by CIFS client from the associated resource.
x-cifs-client-read-operations	7.x 6.7.x 6.6.x 6.5.x	Total number of read operations issued by the CIFS client for the associated resource.
x-cifs-client-other-operations	7.x 6.7.x 6.6.x 6.5.x	Total number of non read/write operations issued by the CIFS client for the associated resource.
x-cifs-client-write-operations	7.x 6.7.x 6.6.x 6.5.x	Total number of write operations issued by the CIFS client for the associated resource.
x-cifs-dos-error-class	7.x 6.7.x 6.6.x 6.5.x	DOS error class generated by server, in hexadecimal.
x-cifs-dos-error-code	7.x 6.7.x 6.6.x 6.5.x	Error code generated by server.
x-cifs-error-code	7.x 6.7.x 6.6.x 6.5.x	Number of bytes sent from appliance to client.
x-cifs-fid	7.x 6.7.x 6.6.x 6.5.x	ID representing a CIFS resource.
x-cifs-fid-persistent	7.x 6.7.x 6.6.x 6.5.x	Persistent ID representing a CIFS resource.
x-cifs-file-size	7.x 6.7.x 6.6.x 6.5.x	Size of CIFS resource, in bytes.
x-cifs-file-type	7.x 6.7.x 6.6.x 6.5.x	Type of CIFS resource.
x-cifs-method	7.x 6.7.x 6.6.x 6.5.x	The method associated with the CIFS request.
x-cifs-nt-error-code	7.x 6.7.x 6.6.x 6.5.x	NT error code generated by server, in hexadecimal.
x-cifs-orig-path	7.x 6.7.x 6.6.x 6.5.x	Original path name of resource to be renamed
x-cifs-orig-unc-path	7.x 6.7.x 6.6.x 6.5.x	UNC path of original path name of resource to be renamed
x-cifs-path	7.x 6.7.x 6.6.x 6.5.x	CIFS resource name as specified in the UNC path
x-cifs-server	7.x 6.7.x 6.6.x 6.5.x	CIFS server as specified in the UNC path
x-cifs-server-bytes-read	7.x 6.7.x 6.6.x 6.5.x	Total number of bytes read by CIFS server from the associated resource
x-cifs-server-operations	7.x 6.7.x 6.6.x 6.5.x	Total number of operations issued to the CIFS server for the associated resource
x-cifs-share	7.x 6.7.x 6.6.x 6.5.x	CIFS share name as specified in the UNC path
x-cifs-tid	7.x 6.7.x 6.6.x 6.5.x	ID representing instance of an authenticated connection to server resource
x-cifs-uid	7.x 6.7.x 6.6.x 6.5.x	ID representing an authenticated user instance
x-cifs-unc-path	7.x 6.7.x 6.6.x 6.5.x	CIFS path of the following form: \\\\server\\share\\path The path can be empty.

MAPI
x-mapi-connection-type	7.x 6.7.x 6.6.x 6.5.x	The type of MAPI connection
x-mapi-cs-rpc-count	7.x 6.7.x 6.6.x 6.5.x	The count of RPC messages received from the client
x-mapi-endpoint-rpc-count	7.x 6.7.x 6.6.x 6.5.x	Total number of RPC messages sent to the end point
x-mapi-method	7.x 6.7.x 6.6.x 6.5.x	The method associated with the MAPI request
x-mapi-peer-rpc-count	7.x 6.7.x 6.6.x 6.5.x	Total number of RPC messages sent to the peer
x-mapi-rs-rpc-count	7.x 6.7.x 6.6.x 6.5.x	The count of RPC messages received from the server
x-mapi-sc-rpc-count	7.x 6.7.x 6.6.x 6.5.x	The count RPC messages sent to the client
x-mapi-sr-rpc-count	7.x 6.7.x 6.6.x 6.5.x	The count of RPC messages sent to the server
x-mapi-user	7.x 6.7.x 6.6.x 6.5.x	The name of the user negotiated by MAPI. See x-mapi-user-dn for the fully distinguished name.
x-mapi-user-dn	7.x 6.7.x 6.6.x 6.5.x	The distinguished name of the user negotiated by MAPI

Office 365
x-mail-attachments	7.x 6.7.x 6.6.4.1	List of comma-separated names of the e-mail’s attachments or embedded objects.
x-mail-attachments-removed	7.x 6.7.x 6.6.4.1	List of comma-separated names of e-mail attachments flagged by ICAP scanning.
x-mail-cc	7.x 6.7.x 6.6.4.1	List of comma-separated recipient e-mail addresses in the CC field.
x-mail-from	7.x 6.7.x 6.6.4.1	Sender’s e-mail address.
x-mail-message-id	7.x 6.7.x 6.6.4.1	64-bit identifier that identifies the message uniquely.
x-mail-operation	7.x 6.7.x 6.6.4.1	The e-mail operation: SEND or RECEIVE.
x-mail-to	7.x 6.7.x 6.6.4.1	List of comma-separated recipient e-mail address(es) in the To field.
x-mail-user	7.x 6.7.x 6.6.4.1	User’s e-mail address.

P2P
x-p2p-client-bytes	7.x 6.7.x 6.6.x 6.5.x	Number of bytes from client
x-p2p-client-info	7.x 6.7.x 6.6.x 6.5.x	The peer-to-peer client information
x-p2p-client-type	7.x 6.7.x 6.6.x 6.5.x	The peer-to-peer client type
x-p2p-peer-bytes	7.x 6.7.x 6.6.x 6.5.x	Number of bytes from peer

Special Characters
x-bluecoat-special-amp	7.x 6.7.x 6.6.x 6.5.x	The ampersand character (&)
x-bluecoat-special-apos	7.x 6.7.x 6.6.x 6.5.x	The apostrophe or single quote character (')
x-bluecoat-special-cr	7.x 6.7.x 6.6.x 6.5.x	Resolves to the carriage return character
x-bluecoat-special-crlf	7.x 6.7.x 6.6.x 6.5.x	Resolves to a carriage return/line feed sequence
x-bluecoat-special-empty	7.x 6.7.x 6.6.x 6.5.x	Resolves to an empty string
x-bluecoat-special-esc	7.x 6.7.x 6.6.x 6.5.x	Resolves to the escape character (ASCII HEX 1B)
x-bluecoat-special-gt	7.x 6.7.x 6.6.x 6.5.x	The greater-than character (>)
x-bluecoat-special-lf	7.x 6.7.x 6.6.x 6.5.x	The line feed character
x-bluecoat-special-lt	7.x 6.7.x 6.6.x 6.5.x	The less-than character (<)
x-bluecoat-placeholder	7.x 6.7.x 6.6.x 6.5.x	A placeholder represented by a dash (-)
x-bluecoat-special-quot	7.x 6.7.x 6.6.x 6.5.x	The double quote character (")
x-bluecoat-special-slash	7.x 6.7.x 6.6.x 6.5.x	The forward slash character (/)

Streaming Media
audiocodec	7.x 6.7.x 6.6.x 6.5.x	Audio codec used in stream.
avgbandwidth	7.x 6.7.x 6.6.x 6.5.x	Average bandwidth (in bits per second) at which the client was connected to the server.
channelURL	7.x 6.7.x 6.6.x 6.5.x	URL to the .nsc file
c-buffercount	7.x 6.7.x 6.6.x 6.5.x	Number of times the client buffered while playing the stream.
c-bytes	7.x 6.7.x 6.6.x 6.5.x	An MMS-only value of the total number of bytes delivered to the client.
c-cpu	7.x 6.7.x 6.6.x 6.5.x	Client computer CPU type.
c-hostexe	7.x 6.7.x 6.6.x 6.5.x	Host application
c-hostexever	7.x 6.7.x 6.6.x 6.5.x	Host application version number
c-os	7.x 6.7.x 6.6.x 6.5.x	Client computer operating system
c-osversion	7.x 6.7.x 6.6.x 6.5.x	Client computer operating system version number
c-pkts-lost-client	7.x 6.7.x 6.6.x 6.5.x	Number of packets lost during transmission from server to client and not recovered at the client layer via error correction or at the network layer via UDP resends.
c-pkts-lost-cont-net	7.x 6.7.x 6.6.x 6.5.x	Maximum number of continuously lost packets on the network layer during transmission from server to client
c-pkts-lost-net	7.x 6.7.x 6.6.x 6.5.x	Number of packets lost on the network layer
c-pkts-received	7.x 6.7.x 6.6.x 6.5.x	Number of packets from the server (s-pkts-sent) that are received correctly by the client on the first try
c-pkts-recovered-ECC	7.x 6.7.x 6.6.x 6.5.x	Number of packets repaired and recovered on the client layer
c-pkts-recovered-resent	7.x 6.7.x 6.6.x 6.5.x	Number of packets recovered because they were resent via UDP.
c-playerid	7.x 6.7.x 6.6.x 6.5.x	Globally unique identifier (GUID) of the player
c-playerlanguage	7.x 6.7.x 6.6.x 6.5.x	Client language-country code
c-playerversion	7.x 6.7.x 6.6.x 6.5.x	Version number of the player
c-quality	7.x 6.7.x 6.6.x 6.5.x	The percentage of packets that were received by the client, indicating the quality of the stream
c-rate	7.x 6.7.x 6.6.x 6.5.x	Mode of Windows Media Player when the last command event was sent
c-resendreqs	7.x 6.7.x 6.6.x 6.5.x	Number of client requests to receive new packets
c-starttime	7.x 6.7.x 6.6.x 6.5.x	Timestamp (in seconds) of the stream when an entry is generated in the log file.
c-status	7.x 6.7.x 6.6.x 6.5.x	Codes that describe client status
c-totalbuffertime	7.x 6.7.x 6.6.x 6.5.x	Time (in seconds) the client used to buffer the stream
filelength	7.x 6.7.x 6.6.x 6.5.x	Length of the file (in seconds).
filesize	7.x 6.7.x 6.6.x 6.5.x	Size of the file (in bytes).
protocol	7.x 6.7.x 6.6.x 6.5.x	Protocol used to access the stream: mms, http, or asfm.
s-pkts-sent	7.x 6.7.x 6.6.x 6.5.x	Number of packets from the server
s-session-id	7.x 6.7.x 6.6.x 6.5.x	Session ID for the streaming session
s-totalclients	7.x 6.7.x 6.6.x 6.5.x	Clients connected to the server (but not necessarily receiving streams).
transport	7.x 6.7.x 6.6.x 6.5.x	Transport protocol used (UDP, TCP, multicast, etc.)
videocodec	7.x 6.7.x 6.6.x 6.5.x	Video codec used to encode the stream.
x-cache-info	7.x 6.7.x 6.6.x 6.5.x	Values: UNKNOWN, DEMAND_PASSTHRU, DEMAND_MISS, DEMAND_HIT, LIVE_PASSTHRU, LIVE_SPLIT
x-cs-streaming-client	7.x 6.7.x 6.6.x 6.5.x	Type of streaming client in use (windows_media, real_media, quicktime, flash, ms_smooth).
x-duration	7.x 6.7.x 6.6.x 6.5.x	Length of time a client played content prior to a client event (FF, REW, Pause, Stop, or jump to marker).
x-rs-streaming-content	7.x 6.7.x 6.6.x 6.5.x	Type of streaming content served (windows_media, real_media,quicktime,flash). Note that ms_smooth (Smooth Streaming over HTTP) is not a possible value for this field.
x-streaming-bitrate	7.x 6.7.x 6.6.x 6.5.x	The reported client-side bitrate for the stream
x-streaming-rtmp-app-name	7.x 6.7.x 6.6.x 6.5.x	Application name requested by the Flash client
x-streaming-rtmp-method	7.x 6.7.x 6.6.x 6.5.x	Request method used from Flash client to appliance
x-streaming-rtmp-page-url	7.x 6.7.x 6.6.x 6.5.x	URL of the web page in which the Flash client SWF file is embedded
x-streaming-rtmp-stream-name	7.x 6.7.x 6.6.x 6.5.x	Name of the stream requested by the Flash client
x-streaming-rtmp-swf-url	7.x 6.7.x 6.6.x 6.5.x	URL of the Flash client SWF file
x-wm-c-dns	7.x 6.7.x 6.6.x 6.5.x	Hostname of the client determined from the Windows Media protocol
x-wm-c-ip	7.x 6.7.x 6.6.x 6.5.x	The client IP address determined from the Windows Media protocol

WebEx Proxy
x-collaboration-meeting-id	7.x 6.7.x 6.6.x	WebEx meeting ID.
x-collaboration-method	7.x 6.7.x 6.6.x	Method associated with the WebEx collaboration request.
x-collaboration-user-id	7.x 6.7.x 6.6.x	WebEx userID; typically, the user's email address.
x-webex-site	7.x 6.7.x 6.6.x	Site that hosted the WebEx session.

Feedback

thumb_up Yes

thumb_down No