Web server plug-ins enable the Web server to communicate requests for dynamic content, such as servlets, to the application server.
Once you configure a WebSphere plug-in for Web servers, in addition to regular plug-in functions, you can use private headers as a mechanism for forwarding proxy information from these plug-ins to the application server on a z/OS platform. This information is not otherwise included with the HTTP requests.
Private headers are implemented as a set of HTTP request header name and value pairs that the plug-ins add to the HTTP request header as it is forwarded by the Web server. The application server Web container removes this information from the header and processes it.
Private headers can include such information as the remote (client) user, the remote (client) host name, or an SSL client certificate. They conform to a naming standard so that there is no namespace collision with the architected HTTP header fields (hence the name "private").
For example, authentication information, such as a client certificate, is normally requested by the Web server once during the establishment of an HTTP session. It is not required again for individual requests within that session. However, a client certificate must accompany each request forwarded to the application server on a z/OS platform so that the application server can use it as needed.
Similarly, the Web server examines the TCP/IP socket connection for information about the host address of the client. The application server cannot do this examination because its socket connection is with the plug-in, not the actual client. Therefore, one of the private headers is the host address of the actual client.