This version is in beta - expect some breaking changes.

Test Fraud Prevention Headers API

Dates and amounts
Date Amount
Version and status
Available in Sandbox Yes
Sandbox base URL
Available in Production No


When you use some of our APIs, you need to submit fraud prevention headers. This API checks the fraud prevention headers on individual requests. It checks the value and format and gives you feedback on any issues. For example, is the value for Gov-Client-Public-IP a public IP address?

How to use this API

Use this API to check headers submitted by your application meet the latest version of the fraud prevention headers specification.

In the initial stages of development, use the validate endpoint to get immediate feedback for a single request.

Once you have implemented headers on your API requests, run tests in sandbox. Then, use the validation-feedback endpoint to get feedback on the last request made to each endpoint.

You need to fix all errors and check any advisories. In responses, advisories are referred to as warnings.

We refer to your software architecture as a connection method. To use this API, you need to select the correct connection method for your application.

What not to do

Make sure that you:

  • do not use this API as a guarantee that requests in production will meet the specification
  • do not send HMRC your logs from this API. We use your most recent submissions to the sandbox to check fraud prevention headers



Test Data section is not applicable for this API.



The way we show Test Fraud Prevention Headers API v1.0 endpoints has changed, which might look different to other Developer Hub APIs.

The API has not changed. You do not need to make any updates to your application if you already use this API.