HTTP exposes a variety of settings. Several of these settings are available for configuration within individual receivers or exporters.

Exporters leverage client configuration.

Note that client configuration supports TLS configuration, the configuration parameters are also defined under tls like server configuration. For more information, see configtls README.

• endpoint: address:port
• tls
• headers: name/value pairs added to the HTTP request headers
  • certain headers such as Content-Length and Connection are automatically written when needed and values in Header may be ignored.
  • Host header is automatically derived from endpoint value. However, this automatic assignment can be overridden by explicitly setting the Host field in the headers field.
  • if Host header is provided then it overrides Host field in Request which results as an override of Host header value.
• read_buffer_size
• timeout
• write_buffer_size
• compression: Compression type to use among gzip, zstd, snappy, zlib, and deflate.
  • look at the documentation for the server-side of the communication.
  • none will be treated as uncompressed, and any other inputs will cause an error.
• max_idle_conns
• max_idle_conns_per_host
• max_conns_per_host
• idle_conn_timeout
• auth
• disable_keep_alives
• http2_read_idle_timeout
• http2_ping_timeout
• cookies
  • [enabled] if enabled, the client will store cookies from server responses and reuse them in subsequent requests.

Example:

exporter:
  otlphttp:
    endpoint: otelcol2:55690
    auth:
      authenticator: some-authenticator-extension
    tls:
      ca_file: ca.pem
      cert_file: cert.pem
      key_file: key.pem
    headers:
      test1: "value1"
      "test 2": "value 2"
    compression: zstd
    cookies:
      enabled: true

Receivers leverage server configuration.

• cors: Configure CORS, allowing the receiver to accept traces from web browsers, even if the receiver is hosted at a different origin. If left blank or set to null, CORS will not be enabled.
  • allowed_origins: A list of origins allowed to send requests to the receiver. An origin may contain a wildcard (*) to replace 0 or more characters (e.g., https://*.example.com). To allow any origin, set to ["*"]. If no origins are listed, CORS will not be enabled.
  • allowed_headers: Allow CORS requests to include headers outside the default safelist. By default, safelist headers and X-Requested-With will be allowed. To allow any request header, set to ["*"].
  • max_age: Sets the value of the Access-Control-Max-Age header, allowing clients to cache the response to CORS preflight requests. If not set, browsers use a default of 5 seconds.
• endpoint: Valid value syntax available here
• max_request_body_size: configures the maximum allowed body size in bytes for a single request. Default: 0 (no restriction)
• compression_algorithms: configures the list of compression algorithms the server can accept. Default: ["", "gzip", "zstd", "zlib", "snappy", "deflate"]
• tls
• auth

You can enable attribute processor to append any http header to span's attribute using custom key. You also need to enable the "include_metadata"

Example:

receivers:
  otlp:
    protocols:
      http:
        include_metadata: true
        auth:
          authenticator: some-authenticator-extension
        cors:
          allowed_origins:
            - https://foo.bar.com
            - https://*.test.com
          allowed_headers:
            - Example-Header
          max_age: 7200
        endpoint: 0.0.0.0:55690
        compression_algorithms: ["", "gzip"]
processors:
  attributes:
    actions:
      - key: http.client_ip
        from_context: X-Forwarded-For
        action: upsert