From b8cf4d22aa82ab90aceed95b208768da6d42e20c Mon Sep 17 00:00:00 2001 From: lcian <17258265+lcian@users.noreply.github.com> Date: Tue, 16 Dec 2025 22:19:04 +0100 Subject: [PATCH 1/2] feat: Add http.request/response.header.cookie. --- generated/attributes/all.md | 5 +- generated/attributes/http.md | 26 +++++++ .../sentry-conventions/src/attributes.ts | 74 +++++++++++++++++++ .../http__request__header__cookie__[key].json | 12 +++ ...http__response__header__cookie__[key].json | 12 +++ python/src/sentry_conventions/attributes.py | 46 ++++++++++++ 6 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 model/attributes/http/http__request__header__cookie__[key].json create mode 100644 model/attributes/http/http__response__header__cookie__[key].json diff --git a/generated/attributes/all.md b/generated/attributes/all.md index 0357f9b4..5aa28465 100644 --- a/generated/attributes/all.md +++ b/generated/attributes/all.md @@ -4,7 +4,7 @@ This page lists all available attributes across all categories. -Total attributes: 410 +Total attributes: 411 ## Stable Attributes @@ -126,6 +126,7 @@ Total attributes: 410 | [`http.request.domain_lookup_start`](./http.md#httprequestdomain_lookup_start) | The UNIX timestamp representing the time immediately before the browser starts the domain name lookup for the resource. | | [`http.request.fetch_start`](./http.md#httprequestfetch_start) | The UNIX timestamp representing the time immediately before the browser starts to fetch the resource. | | [`http.request.header.\`](./http.md#httprequestheaderkey) | HTTP request headers, being the normalized HTTP Header name (lowercase), the value being the header values. | +| [`http.request.header.cookie.\`](./http.md#httprequestheadercookiekey) | Cookies included by the client in an HTTP request, where is the cookie name and the value of the attribute is the cookie value. | | [`http.request.method`](./http.md#httprequestmethod) | The HTTP method used. | | [`http.request.redirect_end`](./http.md#httprequestredirect_end) | The UNIX timestamp representing the timestamp immediately after receiving the last byte of the response of the last redirect | | [`http.request.redirect_start`](./http.md#httprequestredirect_start) | The UNIX timestamp representing the start time of the fetch which that initiates the redirect. | @@ -139,6 +140,7 @@ Total attributes: 410 | [`http.response.body.size`](./http.md#httpresponsebodysize) | The encoded body size of the response (in bytes). | | [`http.response.header.\`](./http.md#httpresponseheaderkey) | HTTP response headers, being the normalized HTTP Header name (lowercase), the value being the header values. | | [`http.response.header.content-length`](./http.md#httpresponseheadercontentlength) | The size of the message body sent to the recipient (in bytes) | +| [`http.response.header.cookie.\`](./http.md#httpresponseheadercookiekey) | Cookies returned by the server as part of an HTTP response using the "Set-Cookie" header, where is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. "Secure; HttpOnly") shall not be included as part of the value. | | [`http.response.size`](./http.md#httpresponsesize) | The transfer size of the response (in bytes). | | [`http.response.status_code`](./http.md#httpresponsestatus_code) | The status code of the HTTP response. | | [`http.route`](./http.md#httproute) | The matched route, that is, the path template in the format used by the respective server framework. | @@ -385,7 +387,6 @@ Total attributes: 410 | [`gen_ai.prompt`](./gen_ai.md#gen_aiprompt) | No replacement | | [`gen_ai.usage.completion_tokens`](./gen_ai.md#gen_aiusagecompletion_tokens) | [`gen_ai.usage.output_tokens`](./gen_ai.md#gen_aiusageoutput_tokens) | | [`gen_ai.usage.prompt_tokens`](./gen_ai.md#gen_aiusageprompt_tokens) | [`gen_ai.usage.input_tokens`](./gen_ai.md#gen_aiusageinput_tokens) | -| [`gen_ai.usage.total_cost`](./gen_ai.md#gen_aiusagetotal_cost) | [`gen_ai.cost.total_tokens`](./gen_ai.md#gen_aicosttotal_tokens) | | [`http.client_ip`](./http.md#httpclient_ip) | [`client.address`](./client.md#clientaddress) | | [`http.flavor`](./http.md#httpflavor) | [`network.protocol.version`](./network.md#networkprotocolversion) | | [`http.host`](./http.md#httphost) | [`server.address`](./server.md#serveraddress) | diff --git a/generated/attributes/http.md b/generated/attributes/http.md index 46f8fb68..d781c38a 100644 --- a/generated/attributes/http.md +++ b/generated/attributes/http.md @@ -12,6 +12,7 @@ - [http.request.domain_lookup_start](#httprequestdomain_lookup_start) - [http.request.fetch_start](#httprequestfetch_start) - [http.request.header.\](#httprequestheaderkey) + - [http.request.header.cookie.\](#httprequestheadercookiekey) - [http.request.method](#httprequestmethod) - [http.request.redirect_end](#httprequestredirect_end) - [http.request.redirect_start](#httprequestredirect_start) @@ -25,6 +26,7 @@ - [http.response.body.size](#httpresponsebodysize) - [http.response.header.\](#httpresponseheaderkey) - [http.response.header.content-length](#httpresponseheadercontentlength) + - [http.response.header.cookie.\](#httpresponseheadercookiekey) - [http.response.size](#httpresponsesize) - [http.response.status_code](#httpresponsestatus_code) - [http.route](#httproute) @@ -144,6 +146,18 @@ HTTP request headers, \ being the normalized HTTP Header name (lowercase), | Has dynamic suffix | Yes | | Example | `http.request.header.custom-header=['foo', 'bar']` | +### http.request.header.cookie.\ + +Cookies included by the client in an HTTP request, where \ is the cookie name and the value of the attribute is the cookie value. + +| Property | Value | +| --- | --- | +| Type | `string` | +| Has PII | true | +| Exists in OpenTelemetry | No | +| Has dynamic suffix | Yes | +| Example | `lang=en-US` | + ### http.request.method The HTTP method used. @@ -291,6 +305,18 @@ The size of the message body sent to the recipient (in bytes) | Example | `http.response.header.custom-header=['foo', 'bar']` | | Aliases | `http.response_content_length`, `http.response.body.size` | +### http.response.header.cookie.\ + +Cookies returned by the server as part of an HTTP response using the "Set-Cookie" header, where \ is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. "Secure; HttpOnly") shall not be included as part of the value. + +| Property | Value | +| --- | --- | +| Type | `string` | +| Has PII | true | +| Exists in OpenTelemetry | No | +| Has dynamic suffix | Yes | +| Example | `lang=en-US` | + ### http.response.size The transfer size of the response (in bytes). diff --git a/javascript/sentry-conventions/src/attributes.ts b/javascript/sentry-conventions/src/attributes.ts index 8dd3c0f8..d316ba70 100644 --- a/javascript/sentry-conventions/src/attributes.ts +++ b/javascript/sentry-conventions/src/attributes.ts @@ -3218,6 +3218,28 @@ export const HTTP_REQUEST_FETCH_START = 'http.request.fetch_start'; */ export type HTTP_REQUEST_FETCH_START_TYPE = number; +// Path: model/attributes/http/http__request__header__cookie__[key].json + +/** + * Cookies included by the client in an HTTP request, where is the cookie name and the value of the attribute is the cookie value. `http.request.header.cookie.` + * + * Attribute Value Type: `string` {@link HTTP_REQUEST_HEADER_COOKIE_KEY_TYPE} + * + * Contains PII: true + * + * Attribute defined in OTEL: No + * + * Has Dynamic Suffix: true + * + * @example "lang=en-US" + */ +export const HTTP_REQUEST_HEADER_COOKIE_KEY = 'http.request.header.cookie.'; + +/** + * Type for {@link HTTP_REQUEST_HEADER_COOKIE_KEY} http.request.header.cookie. + */ +export type HTTP_REQUEST_HEADER_COOKIE_KEY_TYPE = string; + // Path: model/attributes/http/http__request__header__[key].json /** @@ -3509,6 +3531,28 @@ export const HTTP_RESPONSE_HEADER_CONTENT_LENGTH = 'http.response.header.content */ export type HTTP_RESPONSE_HEADER_CONTENT_LENGTH_TYPE = string; +// Path: model/attributes/http/http__response__header__cookie__[key].json + +/** + * Cookies returned by the server as part of an HTTP response using the "Set-Cookie" header, where is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. "Secure; HttpOnly") shall not be included as part of the value. `http.response.header.cookie.` + * + * Attribute Value Type: `string` {@link HTTP_RESPONSE_HEADER_COOKIE_KEY_TYPE} + * + * Contains PII: true + * + * Attribute defined in OTEL: No + * + * Has Dynamic Suffix: true + * + * @example "lang=en-US" + */ +export const HTTP_RESPONSE_HEADER_COOKIE_KEY = 'http.response.header.cookie.'; + +/** + * Type for {@link HTTP_RESPONSE_HEADER_COOKIE_KEY} http.response.header.cookie. + */ +export type HTTP_RESPONSE_HEADER_COOKIE_KEY_TYPE = string; + // Path: model/attributes/http/http__response__header__[key].json /** @@ -8698,6 +8742,7 @@ export const ATTRIBUTE_TYPE: Record = { [HTTP_REQUEST_DOMAIN_LOOKUP_END]: 'double', [HTTP_REQUEST_DOMAIN_LOOKUP_START]: 'double', [HTTP_REQUEST_FETCH_START]: 'double', + [HTTP_REQUEST_HEADER_COOKIE_KEY]: 'string', [HTTP_REQUEST_HEADER_KEY]: 'string[]', [HTTP_REQUEST_METHOD]: 'string', [HTTP_REQUEST_REDIRECT_END]: 'double', @@ -8712,6 +8757,7 @@ export const ATTRIBUTE_TYPE: Record = { [HTTP_RESPONSE_BODY_SIZE]: 'integer', [HTTP_RESPONSE_CONTENT_LENGTH]: 'integer', [HTTP_RESPONSE_HEADER_CONTENT_LENGTH]: 'string', + [HTTP_RESPONSE_HEADER_COOKIE_KEY]: 'string', [HTTP_RESPONSE_HEADER_KEY]: 'string[]', [HTTP_RESPONSE_SIZE]: 'integer', [HTTP_RESPONSE_STATUS_CODE]: 'integer', @@ -9110,6 +9156,7 @@ export type AttributeName = | typeof HTTP_REQUEST_DOMAIN_LOOKUP_END | typeof HTTP_REQUEST_DOMAIN_LOOKUP_START | typeof HTTP_REQUEST_FETCH_START + | typeof HTTP_REQUEST_HEADER_COOKIE_KEY | typeof HTTP_REQUEST_HEADER_KEY | typeof HTTP_REQUEST_METHOD | typeof HTTP_REQUEST_REDIRECT_END @@ -9124,6 +9171,7 @@ export type AttributeName = | typeof HTTP_RESPONSE_BODY_SIZE | typeof HTTP_RESPONSE_CONTENT_LENGTH | typeof HTTP_RESPONSE_HEADER_CONTENT_LENGTH + | typeof HTTP_RESPONSE_HEADER_COOKIE_KEY | typeof HTTP_RESPONSE_HEADER_KEY | typeof HTTP_RESPONSE_SIZE | typeof HTTP_RESPONSE_STATUS_CODE @@ -10996,6 +11044,18 @@ export const ATTRIBUTE_METADATA: Record = { example: 1732829555.389, sdks: ['javascript-browser'], }, + [HTTP_REQUEST_HEADER_COOKIE_KEY]: { + brief: + 'Cookies included by the client in an HTTP request, where is the cookie name and the value of the attribute is the cookie value.', + type: 'string', + pii: { + isPii: 'true', + }, + isInOtel: false, + hasDynamicSuffix: true, + example: 'lang=en-US', + sdks: ['javascript'], + }, [HTTP_REQUEST_HEADER_KEY]: { brief: 'HTTP request headers, being the normalized HTTP Header name (lowercase), the value being the header values.', @@ -11146,6 +11206,18 @@ export const ATTRIBUTE_METADATA: Record = { example: "http.response.header.custom-header=['foo', 'bar']", aliases: [HTTP_RESPONSE_CONTENT_LENGTH, HTTP_RESPONSE_BODY_SIZE], }, + [HTTP_RESPONSE_HEADER_COOKIE_KEY]: { + brief: + 'Cookies returned by the server as part of an HTTP response using the "Set-Cookie" header, where is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. "Secure; HttpOnly") shall not be included as part of the value.', + type: 'string', + pii: { + isPii: 'true', + }, + isInOtel: false, + hasDynamicSuffix: true, + example: 'lang=en-US', + sdks: ['javascript'], + }, [HTTP_RESPONSE_HEADER_KEY]: { brief: 'HTTP response headers, being the normalized HTTP Header name (lowercase), the value being the header values.', @@ -13705,6 +13777,7 @@ export type Attributes = { [HTTP_REQUEST_DOMAIN_LOOKUP_END]?: HTTP_REQUEST_DOMAIN_LOOKUP_END_TYPE; [HTTP_REQUEST_DOMAIN_LOOKUP_START]?: HTTP_REQUEST_DOMAIN_LOOKUP_START_TYPE; [HTTP_REQUEST_FETCH_START]?: HTTP_REQUEST_FETCH_START_TYPE; + [HTTP_REQUEST_HEADER_COOKIE_KEY]?: HTTP_REQUEST_HEADER_COOKIE_KEY_TYPE; [HTTP_REQUEST_HEADER_KEY]?: HTTP_REQUEST_HEADER_KEY_TYPE; [HTTP_REQUEST_METHOD]?: HTTP_REQUEST_METHOD_TYPE; [HTTP_REQUEST_REDIRECT_END]?: HTTP_REQUEST_REDIRECT_END_TYPE; @@ -13719,6 +13792,7 @@ export type Attributes = { [HTTP_RESPONSE_BODY_SIZE]?: HTTP_RESPONSE_BODY_SIZE_TYPE; [HTTP_RESPONSE_CONTENT_LENGTH]?: HTTP_RESPONSE_CONTENT_LENGTH_TYPE; [HTTP_RESPONSE_HEADER_CONTENT_LENGTH]?: HTTP_RESPONSE_HEADER_CONTENT_LENGTH_TYPE; + [HTTP_RESPONSE_HEADER_COOKIE_KEY]?: HTTP_RESPONSE_HEADER_COOKIE_KEY_TYPE; [HTTP_RESPONSE_HEADER_KEY]?: HTTP_RESPONSE_HEADER_KEY_TYPE; [HTTP_RESPONSE_SIZE]?: HTTP_RESPONSE_SIZE_TYPE; [HTTP_RESPONSE_STATUS_CODE]?: HTTP_RESPONSE_STATUS_CODE_TYPE; diff --git a/model/attributes/http/http__request__header__cookie__[key].json b/model/attributes/http/http__request__header__cookie__[key].json new file mode 100644 index 00000000..e71884e4 --- /dev/null +++ b/model/attributes/http/http__request__header__cookie__[key].json @@ -0,0 +1,12 @@ +{ + "key": "http.request.header.cookie.", + "brief": "Cookies included by the client in an HTTP request, where is the cookie name and the value of the attribute is the cookie value.", + "has_dynamic_suffix": true, + "type": "string", + "pii": { + "key": "true" + }, + "is_in_otel": false, + "example": "lang=en-US", + "sdks": ["javascript"] +} diff --git a/model/attributes/http/http__response__header__cookie__[key].json b/model/attributes/http/http__response__header__cookie__[key].json new file mode 100644 index 00000000..f2867e27 --- /dev/null +++ b/model/attributes/http/http__response__header__cookie__[key].json @@ -0,0 +1,12 @@ +{ + "key": "http.response.header.cookie.", + "brief": "Cookies returned by the server as part of an HTTP response using the \"Set-Cookie\" header, where is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. \"Secure; HttpOnly\") shall not be included as part of the value.", + "has_dynamic_suffix": true, + "type": "string", + "pii": { + "key": "true" + }, + "is_in_otel": false, + "example": "lang=en-US", + "sdks": ["javascript"] +} diff --git a/python/src/sentry_conventions/attributes.py b/python/src/sentry_conventions/attributes.py index 14544a67..e5d23d48 100644 --- a/python/src/sentry_conventions/attributes.py +++ b/python/src/sentry_conventions/attributes.py @@ -1886,6 +1886,19 @@ class ATTRIBUTE_NAMES(metaclass=_AttributeNamesMeta): Example: "http.request.header.custom-header=['foo', 'bar']" """ + # Path: model/attributes/http/http__request__header__cookie__[key].json + HTTP_REQUEST_HEADER_COOKIE_KEY: Literal["http.request.header.cookie."] = ( + "http.request.header.cookie." + ) + """Cookies included by the client in an HTTP request, where is the cookie name and the value of the attribute is the cookie value. + + Type: str + Contains PII: true + Defined in OTEL: No + Has Dynamic Suffix: true + Example: "lang=en-US" + """ + # Path: model/attributes/http/http__request__method.json HTTP_REQUEST_METHOD: Literal["http.request.method"] = "http.request.method" """The HTTP method used. @@ -2044,6 +2057,19 @@ class ATTRIBUTE_NAMES(metaclass=_AttributeNamesMeta): Example: "http.response.header.custom-header=['foo', 'bar']" """ + # Path: model/attributes/http/http__response__header__cookie__[key].json + HTTP_RESPONSE_HEADER_COOKIE_KEY: Literal["http.response.header.cookie."] = ( + "http.response.header.cookie." + ) + """Cookies returned by the server as part of an HTTP response using the "Set-Cookie" header, where is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. "Secure; HttpOnly") shall not be included as part of the value. + + Type: str + Contains PII: true + Defined in OTEL: No + Has Dynamic Suffix: true + Example: "lang=en-US" + """ + # Path: model/attributes/http/http__response__size.json HTTP_RESPONSE_SIZE: Literal["http.response.size"] = "http.response.size" """The transfer size of the response (in bytes). @@ -5901,6 +5927,15 @@ class ATTRIBUTE_NAMES(metaclass=_AttributeNamesMeta): has_dynamic_suffix=True, example="http.request.header.custom-header=['foo', 'bar']", ), + "http.request.header.cookie.": AttributeMetadata( + brief="Cookies included by the client in an HTTP request, where is the cookie name and the value of the attribute is the cookie value.", + type=AttributeType.STRING, + pii=PiiInfo(isPii=IsPii.TRUE), + is_in_otel=False, + has_dynamic_suffix=True, + example="lang=en-US", + sdks=["javascript"], + ), "http.request.method": AttributeMetadata( brief="The HTTP method used.", type=AttributeType.STRING, @@ -6004,6 +6039,15 @@ class ATTRIBUTE_NAMES(metaclass=_AttributeNamesMeta): example="http.response.header.custom-header=['foo', 'bar']", aliases=["http.response_content_length", "http.response.body.size"], ), + "http.response.header.cookie.": AttributeMetadata( + brief='Cookies returned by the server as part of an HTTP response using the "Set-Cookie" header, where is the cookie name and the value of the attribute is the cookie value. Cookie attributes (e.g. "Secure; HttpOnly") shall not be included as part of the value.', + type=AttributeType.STRING, + pii=PiiInfo(isPii=IsPii.TRUE), + is_in_otel=False, + has_dynamic_suffix=True, + example="lang=en-US", + sdks=["javascript"], + ), "http.response.size": AttributeMetadata( brief="The transfer size of the response (in bytes).", type=AttributeType.INTEGER, @@ -8023,6 +8067,7 @@ class ATTRIBUTE_NAMES(metaclass=_AttributeNamesMeta): "http.request.domain_lookup_start": float, "http.request.fetch_start": float, "http.request.header.": List[str], + "http.request.header.cookie.": str, "http.request.method": str, "http.request.redirect_end": float, "http.request.redirect_start": float, @@ -8036,6 +8081,7 @@ class ATTRIBUTE_NAMES(metaclass=_AttributeNamesMeta): "http.response.body.size": int, "http.response.header.": List[str], "http.response.header.content-length": str, + "http.response.header.cookie.": str, "http.response.size": int, "http.response.status_code": int, "http.response_content_length": int, From b8a94cf99e68c079658211665eab5f826a30f383 Mon Sep 17 00:00:00 2001 From: lcian <17258265+lcian@users.noreply.github.com> Date: Tue, 16 Dec 2025 22:21:26 +0100 Subject: [PATCH 2/2] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 27b2dbc6..599c2662 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ #### Changes to attributes - feat(attributes): Add sentry.normalized_db_query.hash ([#200](https://github.com/getsentry/sentry-conventions/pull/200)) +- feat: Add http.request/response.header.cookie. ([#211](https://github.com/getsentry/sentry-conventions/pull/211)) ## 0.3.1