HTTP headers
This page documents the HTTP headers used by Privacy Proxy for authentication, geolocation, and observability. For full observability details, refer to GraphQL Analytics API and OpenTelemetry.
Clients include the following headers when connecting to Privacy Proxy.
Authenticates the client to the proxy. Required for all requests.
Pre-shared key format:
Proxy-Authorization: Preshared <key>Privacy Pass token format:
Proxy-Authorization: PrivateToken token=<base64-encoded-token>| Parameter | Description |
|---|---|
<key> | The pre-shared key provided by Cloudflare |
<base64-encoded-token> | A base64-encoded Privacy Pass token |
When querying Privacy Proxy metrics via the GraphQL Analytics API, send a POST request to https://api.cloudflare.com/client/v4/graphql. For required headers and authentication details, refer to GraphQL Analytics API.
Specifies the client's geographic location for egress IP selection. Optional but recommended for accurate geolocation.
sec-ch-geohash: <geohash>-<country_code>| Parameter | Description |
|---|---|
<geohash> | A geohash ↗ string (typically 4-8 characters) |
<country_code> | ISO 3166-1 alpha-2 country code |
sec-ch-geohash: u4pruydqqvj-GBThis example specifies a location in the United Kingdom.
Privacy Proxy includes the following headers in responses.
Provides timing information about proxy processing. This is part of the OpenTelemetry observability pipeline.
Server-Timing: proxy;dur=<milliseconds>| Parameter | Description |
|---|---|
<milliseconds> | Processing time in milliseconds introduced by the proxy |
Server-Timing: proxy;dur=8.2For response headers returned by the GraphQL API, refer to GraphQL Analytics API.
A complete CONNECT request to Privacy Proxy looks like this:
CONNECT example.com:443 HTTP/2Host: example.comProxy-Authorization: Preshared abc123xyzsec-ch-geohash: 9q8yy-USThe proxy responds with a status code indicating success or failure:
| Status | Meaning |
|---|---|
200 OK | Tunnel established successfully |
403 Forbidden | Authentication failed |
502 Bad Gateway | Could not connect to destination |
503 Service Unavailable | Proxy temporarily unavailable |