ICAP response headers

Besides the standard ICAP headers following response headers are used by the MetaDefender ICAP Server:

Header nameDescriptionExampleNote
X-Blocked-ReasonMetaDefender specific custom header. Contains the blocking reason of the content.X-Blocked-Reason: InfectedIt is available only if the content was scanned and some violations were found.
X-ICAP-ProfileContains the applied workflow's name.X-ICAP-Profile: ProxyIt is available only if the file was scanned.
X-Response-InfoContains the one word description of the action the ICAP server applied on the request.X-Response-Info: Allowed X-Response-Info: Blocked X-Response-Info: OptionsThis header is available in all responses sent by the ICAP server.
X-Response-DescContains the blocking reason.X-Response-Desc: Infected X-Response-Desc: Encrypted ArchiveThe header is available in all "blocked" responses. In case of the content was scanned and some violations were found, the returned string is equivalent to X-Blocked-Reason's value.
X-Virus-IDContains a short description of the threat that was found in the content. If multiple threats were found, only the first one is returned.X-Virus-ID: EICAR Test String X-Virus-ID: Encrypted ArchiveThe header is available only if the content was scanned and some violations were found.
X-Infection-Found

Contains the description of the threat that was found in the content. If multiple threats were found, only the first one is returned. The value is a semicolon separated list with three parameters:

  • Type

    • 0: Infection has been found
    • 2: Container violation has been found

  • Resolution:

    • 0: The suspicious content was not repaired

  • Threat: Threat name

X-Infection-Found: Type=0; Resolution=0; Threat=EICAR Test String; X-Infection-Found: Type=2; Resolution=0; Threat=Encrypted Archive;The header is present only if the content was scanned and some violations were found.
X-Violations-Found

Contains the detailed description of the violations that were found. If the scanned content was an archive, the scan results for the contained files too are listed. If multiple threats were found for a single file, only the first one is returned. The structure of the header value is the following: The first line contains the number of the reported violations. The following lines contain the details. Filename Threat name ProblemID (currently 0 returned for all threats) ResolutionID:

  • 0: File was not repaired
  • 1: File was repaired
  • 2: Violating part was removed
X-Violations-Found: 2 test.zip EICAR Test String 0
0 \eicar.txt EICAR Test String 0
0		The header is present only if the content was scanned and some violations were found.
X-IncludeContains the list of requested headers, that the ICAP clients should add to the requests, if the information is available.X-Include: X-Client-IPThe header is present only in Options responses.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
HTTP Header Parsing
On This Page
ICAP response headers