Tag reference guide

Updated: September 15, 2025

Tags are labels automatically applied to requests to help classify, detect, and analyze traffic based on content, security risks, authentication, language, and more. Tags can be used as filters on the traffic dashboard to include or exclude requests with specific characteristics.

SQL Injection Tags

SQL injection present
SQL injection present in header
SQL injection present in body
GraphQL variable with SQL injection present
SQL injection in GraphQL

Request Tags

Request successful
Invalid request
Request redirected successfully
Request made from a public IP address
Request made from an internal IP address
Request contains an authorization header
Health check request
HTTP request
Bad request
Bad authentication request
Missing referrer
Has referrer
Internal server error
Not API Traffic
The request is suspicious
The request is malicious
Request body is invalid JSON
Request Content-Type is JSON
Response body is invalid JSON
Response Content-Type is JSON
Request payload is malformed JSON
Response payload is malformed JSON
Malformed payload
Request path contains non-standard characters
Request path contains reference to 'zhttpd'

IP Address

Request path contains an IPv4 address
Request URI contains an IP address
Request URI contains an IPv4 address
Request URI contains an IPv6 address

User Agent & Bot Detection Tags

Browser based user agent
User agent is from a non standard browser
User agent is from a non standard OS
User agent is from a bot
Bot detected
The endpoint is a known bot requested endpoint

Suspicious PHP Injection Tags

PHP payload contains string base64_decode
PHP payload contains string eval
PHP payload contains string exec
PHP payload contains string system
PHP payload contains string passthru
PHP payload contains string shell_exec
PHP payload contains string popen
PHP payload contains string proc_open
PHP payload contains string pcntl_exec
PHP injection patterns detected

XSS (Cross-Site Scripting) Tags

Potential XSS in either the request body or headers
Request body contains the potential XSS
Request headers contains the potential XSS

Authentication Tags

Request contains basic authentication
API key authentication
OAuth authentication
Digest authentication
Request contains hoba authentication
Request contains mutual authentication
Request contains ntlm authentication
Request contains vapid authentication
Request contains scram authentication
Request contains hawk authentication
Request contains aws authentication
Request contains negotiate authentication
Request contains unrecognized authentication

PII Tags

PII: Credit card number (American Express)
PII: Credit card number (BC Global)
PII: Credit card number (Diners Club)
PII: Credit card number (Discover)
PII: Credit card number (JCB)
PII: Credit card number (Maestro)
PII: Credit card number (Mastercard)
PII: Credit card number (UnionPay)
PII: Credit card number (Visa)

Authentication Token & PII Tags

Request contains an AWS Secret Access Key
Request contains an AWS Secret Access Key ID
Request contains an AWS MWS Auth Token
Request contains a JWT Token
Request contains a Meta (Facebook) Access Token
Request contains a Github Personal Access Token
Request contains a Gitlab Trigger Token
Request contains a Gitlab Runner Registration Token
Request contains a Google API Key
Request contains a Google OAuth Token
Request contains a Google OAuth Access Token
Request contains a MailGun API Key
Request contains a PayPal Braintree Access Token
Request contains a Picatic API Key
Request contains a SendGrid API Key
Request contains a Slack Token
Request contains a Slack Webhook
Request contains a Square Access Token
Request contains a Stripe API Key
Request contains a Twilio API Key
Request contains a Mailchimp API Key
PII: Email address present
PII: Email address present in input
PII: Email address present in output
Request contains PII data
Request contains a banking IBAN number

GraphQL Tags

GraphQL Query detected
GraphQL Mutation detected
GraphQL Subscription detected
GraphQL Endpoint
GraphQL Request
Request has GraphQL metrics

Miscellaneous Tags

Request contains multiple languages
Request contains base64 encoded content
Request contains English language in input
Request contains English language in output
Temporary email domain used
Contains cookie(s)

Language Tags

Dozens of languages are automatically detected and tagged in requests, such as Italian, Tamil, Latvian, Japanese, Punjabi and so on.

Need help?