Sending of MTD Anti-Fraud Headers
As part of U.K. MTD compliance requirements, HMRC monitors transactions to help protect NetSuite customers’ confidential data. To achieve this goal, MTD VAT submission includes sending of HTTP header information which contains the following:
|
Header |
Description |
|---|---|
|
Gov-Client-Connection-Method |
A web-based connection method used by NetSuite to connect to HMRC through intermediary servers. Example: Gov-Client-Connection-Method: WEB_APP_VIA_SERVER |
|
Gov-Client-Device-ID |
An identifier unique to the originating device. Example: Gov-Client-Device-ID: beec798b-b366-47fa-b1f8-92cede14a1ce |
|
Gov-Client-Public-IP |
The public IPv4 or IPv6 address from which the originating device makes the request. Example: Gov-Client-Public-IP: 198.51.100.0 |
|
Gov-Client-Public-IP-Timestamp |
A timestamp to show when Gov-Client-Public-IP is collected. Example: Gov-Client-Public-IP-Timestamp: 2020-09-21T14:30:00.000Z |
|
Gov-Client-Public-Port |
The public TCP port used by the originating device when initiating the request. Example: Gov-Client-Public-Port: 47138 |
|
Gov-Client-User-IDs |
A key-value data structure containing user identifiers. Example: Gov-Client-User-IDs: My_Webapp_Software=user32abc7b3 |
|
Gov-Client-Timezone |
The local time zone of the originating device, expressed as UTC±<hh>:<mm> Example: Gov-Client-Timezone: UTC+00:00 |
|
Gov-Client-Local-IPs |
A list of all local IPv4 and IPv6 addresses available to the originating device. Example: Gov-Client-Local-IPs: 10.1.2.3,10.3.4.2 |
|
Gov-Client-Local-IPs-Timestamp |
A timestamp to show when Gov-Client-Local-IPs is collected. Example: Gov-Client-Local-IPs-Timestamp: 2020-09-21T14:30:00.000Z |
|
Gov-Client-Screens |
Information about the originating device’s screens. Example: Gov-Client-Screens: width=1920&height=1080&scaling-factor=1&colour-depth=16,width=3000&height=2000&scaling-factor=1.25&colour-depth=16 |
|
Gov-Client-Window-Size |
The number of pixels of the window on the originating device. Example: Gov-Client-Window-Size: width=1256&height=803 |
|
Gov-Client-Browser-Plugins |
A list of browser plug-ins on the originating device. Example: Gov-Client-Browser-Plugins: Shockwave%20Flash,Chromium%20PDF%20Viewer |
|
Gov-Client-Browser-JS-User-Agent |
JavaScript-reported user agent string from the originating device. Example: Gov-Client-Browser-JS-User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405 |
|
Gov-Client-Browser-Do-Not-Track |
A true or false value describing if the Do Not Track option is enabled on the browser. Example: Gov-Client-Browser-Do-Not-Track: false |
|
Gov-Vendor-Forwarded |
A list that details hops over the internet between services that terminate Transport Layer Security (TLS). Example: Gov-Vendor-Forwarded: by=192.188.170.85&for=192.188.170.85,by=125.56.219.106&for=192.188.170.85 |
|
Gov-Vendor-Version |
A key-value data structure of versions of your software involved in handling a request. Example: International%20Tax%20Reports%20Feature=3.76.0.2022.03.15.1.2&NetSuite%20OneWorld=2022.1 |
|
Gov-Vendor-Product-Name |
The name of the product marketed to end users. Example: Gov-Vendor-Product-Name: Product%20Name |
|
Gov-Vendor-Public-IP |
The public IP address of the servers the originating device sent their requests to. Example: Gov-Vendor-Public-IP: 192.188.170.85 |
These header data will be used by HMRC to support prosecutions for tax and duty fraud. HMRC has the right and legal basis to collect customers’ audit data. HMRC follows transaction monitoring security approach used in the U.K., specifically the recommended guidance by National Cyber Security Centre (NCSC) and the Cabinet Office’s.
Related Topics:
- Making Tax Digital for VAT Overview and Setup
- Submitting MTD VAT Returns to HMRC
- Submitting an MTD VAT Return in a CSV File
- Viewing Previously Submitted MTD VAT Returns
- Handling MTD VAT Return Submission Errors
- Viewing the MTD VAT Return Submission History
- Exporting a United Kingdom VAT Return to Excel