```
### Forward SonarQube custom headers
-SonarQube adds custom HTTP headers in order for some features to function properly. The reverse proxy should be configured to forward the following header: `SonarQube-Authentication-Token-Expiration`.
+SonarQube adds custom HTTP headers. The reverse proxy should be configured to forward the following headers:
+
+* `SonarQube-Authentication-Token-Expiration`
+This header is added to a web service response when using [tokens](/user-guide/user-token/) to authenticate. Forwarding this header is not required for the SonarQube features to work properly.
## Secure your Network
* when invoking web services: just pass the token instead of your login while doing the basic authentication.
In both cases, you don't need to provide a password (so when running analyses on your code, the property `sonar.password` is optional). Using a token is the preferred method over using a login and password.
+
+### Expiration date in HTTP response
+
+When using a token to interact with web services, a `SonarQube-Authentication-Token-Expiration` HTTP header will be added to the response. This header contains the token expiration date and can help third-party tools track upcoming expirations, so the token can be rotated in time.
projects / sonarqube.git / commitdiff