QlikWorld 2020 Global Conference. Join us to discover how to get the most from your data. Act fast. Register now and save.

X-Qlik-Security header

Requests sent to external modules, the Qlik Sense Repository Service (QRS), Qlik Management Console (QMC), and Qlik Sense Engine Service (QES) have the X-Qlik-Security header injected.

The header has the following format:

X-Qlik-Security: SecureRequest=true; Context=ManagementAccess; TicketAttribute1=TicketValue1; TicketAttribute2=; … TicketAttributen=TicketValuen;

where:

  • SecureRequest: True or false
  • Context: ManagementAccess (for QMC access) or AppAccess (for QES access)
  • TicketAttributex and TicketValuex are the ones posted along with the user ID via the Authentication API when Authentication modules create tickets for users. Ticket attributes with empty values use the “=” (equal) sign (for example, see TicketAttribute2 above).

If the Extended security environment setting has been enabled in the QMC, the header has the following format:

X-Qlik-Security: OS=Windows; Device=Default; Browser=Chrome 21.0.1180.79; SecureRequest=true; IP=10.88.3.35; Context=ManagementAccess; TicketAttribute1=TicketValue1; TicketAttribute2=; … TicketAttributen=TicketValuen;

where:

  • OS: Windows, Linux, Mac OS X, or Unknown
  • Device: iPhone, iPad, or Default
  • Browser: Chrome, Firefox, Safari, MSIE, or Unknown followed by version number
  • IP: IP number

Did this information help you?

Thanks for letting us know. Is there anything you'd like to tell us about this topic?

Can you tell us why it did not help you and how we can improve it?