Request Headers & WAF

Part of the BioT platform's protection is Amazon's Web Application Firewall (WAF) which is the first to monitor every web request that is directed to the platform.

WAF is a rule based filter that examines the request and evaluates it. If the WAF determines that the request is malicious or fraudulent , it will block it and return a 403 HTTPS response.

While BioT makes an effort to fine tune the WAF, it may happen that it flags a legal request as malicious and blocks it.
To prevent these false positive detection we advise the use of appropriate HTTP request headers when making API requests to BioT.


Use the Accept header to declare that you expect JSON as a response:
Example: Accept: application/json


Use theContent-Type header to indicate the original media type of the resource:
Example: Content-Type: application/json; charset=utf-8


Use the Content-Length header to indicates the size of the message body, in bytes.
Example:Content-Length: 1654


Use the Host header to specify the host of the server to which the request is being sent.
Example: Host:


Use the User-Agent header to describe the client making the request; its application, operating system, vendor, and/or version.
Example: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0

If you require further information about the WAF or these headers, don't hesitate to contact us.