[FEATURE] Add opt-out configuration for X-Claude-Code-Session-Id header

Resolved 💬 3 comments Opened Mar 29, 2026 by lowkey-divine Closed Apr 1, 2026

Summary

v2.1.86 added the X-Claude-Code-Session-Id header to all API requests, allowing proxies to aggregate requests by session without parsing request bodies. This is a well-motivated feature for enterprise deployments running Claude Code through corporate proxies for billing, compliance, and audit logging.

We'd like to request a simple configuration option to disable this header for users who don't route through proxies and prefer to minimize correlation identifiers in outbound requests.

Rationale

Before v2.1.86, individual API requests carried no session-scoped correlation handle. The new header introduces a tracking surface that links all requests within a conversation — visible to any intermediary between the client and the API endpoint.

For users connecting directly to Anthropic's API (no proxy), the header provides no functional benefit to the user while creating a new correlation capability on the server side. An opt-out respects the principle that users should control what metadata leaves their machine, while preserving the default-on behavior for deployments that need it.

Suggested Implementation

A settings.json key, for example:

{
  "apiHeaders": {
    "X-Claude-Code-Session-Id": false
  }
}

Or a simpler boolean:

{
  "sendSessionIdHeader": false
}

Either approach would let users opt out while preserving the default-on behavior for enterprise deployments.

Context

  • Related: #40119 (documentation for proxy operators about this header)
  • The header value is a locally-generated UUID — we acknowledge it contains no PII. This request is about user control over outbound metadata, not a security vulnerability report.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗