Does SDM add or change any request headers?
Yes, as follows:
We do things that most proxies do, e.g. change the Location header b. if USER-AGENT header is missing, we add it with a blank value c. for HTTP BASIC AUTH or HTTP CUSTOM HEADER resource types, we add or modify the related auth headers
Do the headers contain any data to identify the SDM user?
Yes, we add or modify:
X-Forwarded-User - the email address of the strongDM user
X-Sdm-Token - a JWT that can be used to verify the authentication
These are "reserved for future use" in the product, but can be used today by customers who need this info.