Options for inspecting HTTP/2 pseudo headers - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Options for inspecting HTTP/2 pseudo headers

Protected Amazon resources that support HTTP/2 traffic do not forward HTTP/2 pseudo headers to Amazon WAF for inspection, but they provide contents of pseudo headers in web request components that Amazon WAF inspects.

You can use Amazon WAF to inspect only the pseudo headers that are listed in the following table.

HTTP/2 pseudo header contents mapped to web request components

HTTP/2 pseudo header

Web request component to inspect



HTTP method

HTTP method


Host header

Single header

All headers

:path URI path

URI path

URI path

:path query

Query string

Query string

Single query parameter

All query parameters