Light Dark Auto


Derive Client Certificate HTTP headers

GSLHTTPAvailable since: v1
The Inheaders filter sets up HTTP request headers on all incoming traffic. The headers that will be applied by this filter are outlined in the table below. Inheaders should only be configured on TLS-enabled Listeners to allow Impersonation.

Upon enabling the Inheaders filter, the following headers will be applied to requests passing through the Edge Proxy:

  • USER_DN - Certificate’s DN value (if user_dn header exists in the incoming request, this filter will not alter the header value).
  • SSL_CLIENT_S_DN - Certificate’s DN value.
  • EXTERNAL_SYS_DN - Certificate’s DN value (only if the incoming request has user_dn header set).
  • X-REAL-IP - The remote address of the incoming request.
  • X-FORWARDED-FOR - Certificate’s DN value.


The base GSL type is #InheadersFilter



If true, filter debug logging is enabled. Default is false.


Setting debug to true is useful for debugging, but is not a replacement for the Audit filters.

  #options: {
    debug: true