Making Tax Digital: Fraud Prevention Headers for Tax Reporting Framework

As part of U.K. Making Tax Digital (MTD) compliance requirements, Her Majesty’s Revenue and Customs (HMRC) monitors transactions to help protect NetSuite customers’ confidential data. To achieve this goal, MTD VAT submission includes sending of HTTP fraud prevention header information which contains the following:

Header

Description

Gov-Client-Connection-Method

Web-based connection method used by NetSuite to connect to HMRC through intermediary servers.

Example: Gov-Client-Connection-Method: WEB_APP_VIA_SERVER

Gov-Client-Browser-Do-Not-Track

True or false value describing if the Do Not Track option is enabled on the browser.

Example: Gov-Client-Browser-Do-Not-Track: false

Gov-Client-Browser-JS-User-Agent

JavaScript-reported user agent string from the originating device.

Example: Gov-Client-Browser-JS-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36

Gov-Client-Browser-Plugins

List of browser plug-ins on the originating device.

Example: Gov-Client-Browser-Plugins: Chrome%20PDF%20Plugin,Chrome%20PDF%20Viewer,Native%20Client

Gov-Client-Device-ID

Identifier unique to the originating device.

Example: Gov-Client-Device-ID: beec798b-b366-47fa-b1f8-92cede14a1ce

Gov-Client-Local-IPs

List of all local IPv4 and IPv6 addresses available to the originating device.

Example: Gov-Client-Local-IPs: a5315485-3249-438f-9130-50b6cd64a394.local

Gov-Client-Local-IPs-Timestamp

Timestamp to show when Gov-Client-Local-IPs is collected.

Example: Gov-Client-Local-IPs-Timestamp: 2021-06-25T10:40:46.734Z

Gov-Client-Public-IP

Public IPv4 or IPv6 address from which the originating device makes the request.

Example: Gov-Client-Public-IP: 213.175.41.130

Gov-Client-Public-Port

Public TCP port used by the originating device when initiating the request.

Example: Gov-Client-Public-Port: 12345

Gov-Client-Public-IP-Timestamp

Timestamp to show when Gov-Client-Public-IP is collected.

Example: Gov-Client-Public-IP-Timestamp: 2021-06-25T10:33:38.000Z

Gov-Client-Screens

Information about the originating device’s screens.

Example: Gov-Client-Screens: width=1920&height=1080&scaling-factor=1&colour-depth=24

Gov-Client-Timezone

Local time zone of the originating device, expressed as UTC±<hh>:<mm>

Example: Gov-Client-Timezone: UTC+02:00

Gov-Client-User-IDs

Key-value data structure containing user identifiers.

Example: Gov-Client-User-IDs: Oracle_NetSuite_Username=6208366_PSGTOOLS-1029

Gov-Client-Window-Size

The number of pixels of the window on the originating device.

Example: Gov-Client-Window-Size: width=1920&height=925

Gov-Vendor-Forwarded

List that details hops over the internet between services that terminate Transport Layer Security (TLS).

Example: Gov-Vendor-Forwarded: by=203.0.113.6&for=198.51.100.0

Gov-Vendor-License-IDs

A key-value data structure of hashed license keys relating to the vendor software initiating the API request on the originating device.

Example: Gov-Vendor-License-IDs: my%20licensed%20software=8D7963490527D33716835EE7C195516D5E562E03B224E9B359836466EE40CDE1

Gov-Vendor-Public-IP

The public IP address of the servers the originating device send their requests to.

Example: Gov-Vendor-License-IDs: 203.0.113.6

Gov-Vendor-Product-Name

Name of the product marketed to end users.

Example: Gov-Vendor-Product-Name: NetSuite%20OneWorld

Gov-Vendor-Version

Key-value data structure of versions of vendor software involved in handling a request. Use the format: <software-name>=<version-number>&<software-name-2>=<version-number-2>& …

Example: Gov-Vendor-Version: NetSuite%20OneWorld=2021.1

These header data will be used by HMRC to support prosecutions for tax and duty fraud. HMRC has the right and legal basis to collect customers’ audit data. HMRC follows transaction monitoring security approach used in the U.K, for more information see HMRC Developer Hub.

Related Topics