25 commonly-used
reporting attributes are included in the data logs. Four optional attributes
can also be included.
The field prefixes
are:
 Note |
The contents of
the majority of attributes are normalized to lower case. However, for some
attributes you may wish to view the original string as entered by the user.
Attributes listed with “Original” in parentheses are available in normalized
and original form.
|
cs(X-Forwarded-For)
Value of the
X-Forwarded-For header
cs-username
(Original)
Username logged in the form of WinNT://<username> or a custom text name
cs-method
(Original) Request
method: CONNECT, GET, POST
cs-uri-scheme
Referrer protocol:
FTP, HTTP, HTTPS
cs-host
(Original) Host
part of the URL string; for example, in
news.example.com/sport the host is
news.example.com
cs-uri-port
Port number of web
request
cs-uri-path
Path part of the
URL string; for example, in
news.example.com/sport the path is
/sport
cs-uri-query
Query part of the
URL string; for example, in
http://www.example.com/search?hl=en&q=free+screensavers&btnG=Example+Search&meta=&aq=f&oq=
the query is
hl=en&q=free+screensavers&btnG=Example+Search&meta=&aq=f&oq=
cs(Content-Type)
(Original) Request
content type; for example,
image/gif,
application/pdf,
text/html,
application/EDI-X12
sc(Content-Type)
(Original)
Response content type
s-ip
Destination IP
address
x-amp-score
(Optional) AMP score of the request, if available
x-amp-sha
(Optional) Request/response SHA256 for the executable/PDF
x-avc-app
(Optional) Human readable AVC application name
x-avc-app-id
(Optional) AVC application ID, if detected
x-ss-category
Web filtering
category; the category codes that apply to the x-ss-category reporting
attribute are:
Code
|
Description
|
Code
|
Description
|
Code
|
Description
|
c:adlt
|
Adult
|
c:game |
Games |
c:pnet |
Professional Networking |
c:adv
|
Advertisements
|
c:gov |
Government and Law |
c:pol |
Politics |
c:alc
|
Alcohol
|
c:hack |
Hacking |
c:porn |
Pornography |
c:art
|
Arts
|
c:hate |
Hate Speech |
c:prnm
|
Paranormal
|
c:astr
|
Astrology
|
c:hlth |
Health and Nutrition (deprecated 02/08/2021) |
c:pvpn
|
Personal VPN
|
c:auct
|
Auctions
|
c:hmed
|
Health and Medicine
|
c:reci
|
Recipes and Food
|
c:aud
|
Streaming Audio
|
c:hunt
|
Hunting
|
c:ref |
Reference |
c:busi
|
Business and Industry
|
c:ilac
|
Illegal Activities
|
c:rel |
Religion |
c:cach
|
Web Cache and Archives
|
c:ildl
|
Illegal Downloads
|
c:rest |
Real Estate |
c:cann
|
Cannabis
|
c:img |
Photo Search / Images |
c:saas
|
Saas and B2B
|
c:card
|
Digital Postcards
|
c:infr |
Infrastructure and Content Delivery |
c:sci
|
Science and Technology
|
c:cell
|
Mobile Phones
|
c:iot
|
Internet of Things
|
c:scty |
Society and Culture |
c:chat
|
Chat and Instant Messaging
|
c:job |
Job Search |
c:serv
|
Cloud and Data Centers
|
c:comm
|
Online Communities
|
c:kids |
Safe for Kids |
c:shop |
Shopping |
c:comp
|
Computers and Internet
|
c:ling
|
Lingerie and Swimsuits
|
c:shrt
|
URL Shorteners
|
c:cryp
|
Cryptocurrency
|
c:lol |
Humor |
c:snet |
Social Networking |
c:csec
|
Computer Security
|
c:lotr
|
Lotteries
|
c:socs |
Social Science |
c:date
|
Dating
|
c:mail
|
Web-based E-mail
|
c:sprt |
Sports and Recreation |
c:ddns
|
Dynamic DNS Provider
|
c:meet
|
Online Meetings
|
c:srch |
Search Engines and Portals |
c:diy
|
DIY Projects
|
c:mil
|
Military
|
c:swup |
Software Updates |
c:docs
|
Online Document Sharing and Collaboration
|
c:mine
|
Cryptomining
|
c:sxed |
Sex Education |
c:doht
|
DoH and DoT
|
c:muse
|
Museums
|
c:terr
|
Terrorism and Violent Extremism
|
c:drug
|
Illegal Drugs
|
c:natr |
Nature (deprecated 02/08/2021) |
c:tob |
Tobacco |
c:dyn
|
Dynamic / Residential
|
c:ncon
|
Nature and Conservation
|
c:trad |
Online Trading |
c:edu
|
Education
|
c:news |
News |
c:tran |
Web Page Translation |
c:ent
|
Entertainment
|
c:ngo
|
Non-governmental Organizations
|
c:trns |
Transportation |
c:expo
|
Conventions, Conferences, and Trade Shows
|
c:nsn |
Non-sexual Nudity |
c:trvl |
Travel |
c:extr
|
Extreme
|
c:osb |
Online Storage and Backup |
c:tunn
|
DNS Tunneling
|
c:fash
|
Fashion
|
c:p2p |
Peer File Transfer |
c:vid |
Streaming Video |
c:filt
|
Filter Avoidance
|
c:park |
Parked Domains |
c:voip |
Internet Telephony |
c:fnnc
|
Finance
|
c:pem |
Organizational E-mail |
c:weap |
Weapons |
c:food
|
Dining and Drinking
|
c:pers |
Personal Sites |
c:whst |
Web Hosting |
c:free
|
Freeware and Shareware
|
c:pets
|
Animals and Pets
|
unclassified |
Unclassified |
c:fts
|
File Transfer Services
|
c:piah
|
Private IP Addresses as Host
|
|
|
c:gamb |
Gambling |
c:plag |
Cheating and Plagarism |
|
|
x-ss-last-rule-name
(Original) Policy
rule name
x-ss-last-rule-action
Five rule actions
to choose from: allow, authenticate, block, warn, inspect
x-ss-block-type
Type of block or
pattern, specified in the filter, that generated the block
x-ss-block-value
String value that
matched the block pattern
x-ss-referrer-host
(Original) Host
part of the referrer URL string; for example, in
news.example.com/sport the host is
news.example.com
x-ss-external-ip
External IP
address that Cisco Cloud Web Security gets from the customer (also known as the
egress IP address); can also be the subnet of the external IP address (also
known as the egress IP address subnet)
x-ss-company-id
Child Company ID