HTTP

HTTP Attributes

Attribute Type Description Examples
http.request.body.size int The size of the request payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size. 3495
http.request.header.<key> string[] HTTP request headers, <key> being the normalized HTTP Header name (lowercase, with - characters replaced by _), the value being the header values. [1] http.request.header.content_type=["application/json"]; http.request.header.x_forwarded_for=["1.2.3.4", "1.2.3.5"]
http.request.method string HTTP request method. [2] GET; POST; HEAD
http.request.method_original string Original HTTP method sent by the client in the request line. GeT; ACL; foo
http.resend_count int The ordinal number of request resending attempt (for any reason, including redirects). [3] 3
http.response.body.size int The size of the response payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size. 3495
http.response.header.<key> string[] HTTP response headers, <key> being the normalized HTTP Header name (lowercase, with - characters replaced by _), the value being the header values. [4] http.response.header.content_type=["application/json"]; http.response.header.my_custom_header=["abc", "def"]
http.response.status_code int HTTP response status code. 200
http.route string The matched route (path template in the format used by the respective server framework). See note below [5] /users/:userID?; {controller}/{action}/{id?}

[1]: Instrumentations SHOULD require an explicit configuration of which headers are to be captured. Including all request headers can be a security risk - explicit configuration helps avoid leaking sensitive information. The User-Agent header is already captured in the user_agent.original attribute. Users MAY explicitly configure instrumentations to capture them even though it is not recommended. The attribute value MUST consist of either multiple header values as an array of strings or a single-item array containing a possibly comma-concatenated string, depending on the way the HTTP library provides access to headers.

[2]: HTTP request method value SHOULD be “known” to the instrumentation. By default, this convention defines “known” methods as the ones listed in RFC9110 and the PATCH method defined in RFC5789.

If the HTTP request method is not known to instrumentation, it MUST set the http.request.method attribute to _OTHER.

If the HTTP instrumentation could end up converting valid HTTP request methods to _OTHER, then it MUST provide a way to override the list of known HTTP methods. If this override is done via environment variable, then the environment variable MUST be named OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated list of case-sensitive known HTTP methods (this list MUST be a full override of the default known method, it is not a list of known methods in addition to the defaults).

HTTP method names are case-sensitive and http.request.method attribute value MUST match a known HTTP method name exactly. Instrumentations for specific web frameworks that consider HTTP methods to be case insensitive, SHOULD populate a canonical equivalent. Tracing instrumentations that do so, MUST also set http.request.method_original to the original value.

[3]: The resend count SHOULD be updated each time an HTTP request gets resent by the client, regardless of what was the cause of the resending (e.g. redirection, authorization failure, 503 Server Unavailable, network issues, or any other).

[4]: Instrumentations SHOULD require an explicit configuration of which headers are to be captured. Including all response headers can be a security risk - explicit configuration helps avoid leaking sensitive information. Users MAY explicitly configure instrumentations to capture them even though it is not recommended. The attribute value MUST consist of either multiple header values as an array of strings or a single-item array containing a possibly comma-concatenated string, depending on the way the HTTP library provides access to headers.

[5]: MUST NOT be populated when this is not supported by the HTTP server framework as the route attribute should have low-cardinality and the URI path can NOT substitute it. SHOULD include the application root if there is one.

http.request.method has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

Value Description
CONNECT CONNECT method.
DELETE DELETE method.
GET GET method.
HEAD HEAD method.
OPTIONS OPTIONS method.
PATCH PATCH method.
POST POST method.
PUT PUT method.
TRACE TRACE method.
_OTHER Any HTTP method that the instrumentation has no prior knowledge of.

Deprecated HTTP Attributes

Attribute Type Description Examples
http.method string Deprecated, use http.request.method instead. GET; POST; HEAD
http.request_content_length int Deprecated, use http.request.body.size instead. 3495
http.response_content_length int Deprecated, use http.response.body.size instead. 3495
http.scheme string Deprecated, use url.scheme instead. http; https
http.status_code int Deprecated, use http.response.status_code instead. 200
http.target string Deprecated, use url.path and url.query instead. /search?q=OpenTelemetry#SemConv
http.url string Deprecated, use url.full instead. https://www.foo.bar/search?q=OpenTelemetry#SemConv