dd-trace 5.24.0 → 5.26.0

package/packages/dd-trace/src/opentracing/propagation/text_map.js

@@ -53,6 +53,8 @@ class TextMapPropagator {
   }
 
   inject (spanContext, carrier) {
+    if (!spanContext || !carrier) return
+
     this._injectBaggageItems(spanContext, carrier)
     this._injectDatadog(spanContext, carrier)
     this._injectB3MultipleHeaders(spanContext, carrier)
@@ -107,10 +109,35 @@ class TextMapPropagator {
     }
   }
 
+  _encodeOtelBaggageKey (key) {
+    let encoded = encodeURIComponent(key)
+    encoded = encoded.replaceAll('(', '%28')
+    encoded = encoded.replaceAll(')', '%29')
+    return encoded
+  }
+
   _injectBaggageItems (spanContext, carrier) {
-    spanContext._baggageItems && Object.keys(spanContext._baggageItems).forEach(key => {
-      carrier[baggagePrefix + key] = String(spanContext._baggageItems[key])
-    })
+    if (this._config.legacyBaggageEnabled) {
+      spanContext._baggageItems && Object.keys(spanContext._baggageItems).forEach(key => {
+        carrier[baggagePrefix + key] = String(spanContext._baggageItems[key])
+      })
+    }
+    if (this._hasPropagationStyle('inject', 'baggage')) {
+      let baggage = ''
+      let itemCounter = 0
+      let byteCounter = 0
+
+      for (const [key, value] of Object.entries(spanContext._baggageItems)) {
+        const item = `${this._encodeOtelBaggageKey(String(key).trim())}=${encodeURIComponent(String(value).trim())},`
+        itemCounter += 1
+        byteCounter += item.length
+        if (itemCounter > this._config.baggageMaxItems || byteCounter > this._config.baggageMaxBytes) break
+        baggage += item
+      }
+
+      baggage = baggage.slice(0, baggage.length - 1)
+      if (baggage) carrier.baggage = baggage
+    }
   }
 
   _injectTags (spanContext, carrier) {
@@ -263,45 +290,63 @@ class TextMapPropagator {
   }
 
   _extractSpanContext (carrier) {
-    let spanContext = null
+    let context = null
     for (const extractor of this._config.tracePropagationStyle.extract) {
-      // add logic to ensure tracecontext headers takes precedence over other extracted headers
-      if (spanContext !== null) {
-        if (this._config.tracePropagationExtractFirst) {
-          return spanContext
-        }
-        if (extractor !== 'tracecontext') {
-          continue
-        }
-        spanContext = this._resolveTraceContextConflicts(
-          this._extractTraceparentContext(carrier), spanContext, carrier)
-        break
-      }
-
+      let extractedContext = null
       switch (extractor) {
         case 'datadog':
-          spanContext = this._extractDatadogContext(carrier)
+          extractedContext = this._extractDatadogContext(carrier)
           break
         case 'tracecontext':
-          spanContext = this._extractTraceparentContext(carrier)
+          extractedContext = this._extractTraceparentContext(carrier)
           break
         case 'b3' && this
           ._config
           .tracePropagationStyle
           .otelPropagators: // TODO: should match "b3 single header" in next major
         case 'b3 single header': // TODO: delete in major after singular "b3"
-          spanContext = this._extractB3SingleContext(carrier)
+          extractedContext = this._extractB3SingleContext(carrier)
           break
         case 'b3':
         case 'b3multi':
-          spanContext = this._extractB3MultiContext(carrier)
+          extractedContext = this._extractB3MultiContext(carrier)
           break
         default:
-          log.warn(`Unknown propagation style: ${extractor}`)
+          if (extractor !== 'baggage') log.warn(`Unknown propagation style: ${extractor}`)
+      }
+
+      if (extractedContext === null) { // If the current extractor was invalid, continue to the next extractor
+        continue
+      }
+
+      if (context === null) {
+        context = extractedContext
+        if (this._config.tracePropagationExtractFirst) {
+          return context
+        }
+      } else {
+        // If extractor is tracecontext, add tracecontext specific information to the context
+        if (extractor === 'tracecontext') {
+          context = this._resolveTraceContextConflicts(
+            this._extractTraceparentContext(carrier), context, carrier)
+        }
+        if (extractedContext._traceId && extractedContext._spanId &&
+           extractedContext.toTraceId(true) !== context.toTraceId(true)) {
+          const link = {
+            context: extractedContext,
+            attributes: { reason: 'terminated_context', context_headers: extractor }
+          }
+          context._links.push(link)
+        }
+      }
+
+      if (this._config.tracePropagationStyle.extract.includes('baggage') && carrier.baggage) {
+        context = context || new DatadogSpanContext()
+        this._extractBaggageItems(carrier, context)
       }
     }
 
-    return spanContext || this._extractSqsdContext(carrier)
+    return context || this._extractSqsdContext(carrier)
   }
 
   _extractDatadogContext (carrier) {
@@ -310,7 +355,7 @@ class TextMapPropagator {
     if (!spanContext) return spanContext
 
     this._extractOrigin(carrier, spanContext)
-    this._extractBaggageItems(carrier, spanContext)
+    this._extractLegacyBaggageItems(carrier, spanContext)
     this._extractSamplingPriority(carrier, spanContext)
     this._extractTags(carrier, spanContext)
 
@@ -383,7 +428,7 @@ class TextMapPropagator {
       return null
     }
     const matches = headerValue.trim().match(traceparentExpr)
-    if (matches.length) {
+    if (matches?.length) {
       const [version, traceId, spanId, flags, tail] = matches.slice(1)
       const traceparent = { version }
       const tracestate = TraceState.fromString(carrier.tracestate)
@@ -444,7 +489,7 @@ class TextMapPropagator {
         }
       })
 
-      this._extractBaggageItems(carrier, spanContext)
+      this._extractLegacyBaggageItems(carrier, spanContext)
       return spanContext
     }
     return null
@@ -528,14 +573,43 @@ class TextMapPropagator {
     }
   }
 
-  _extractBaggageItems (carrier, spanContext) {
-    Object.keys(carrier).forEach(key => {
-      const match = key.match(baggageExpr)
+  _decodeOtelBaggageKey (key) {
+    let decoded = decodeURIComponent(key)
+    decoded = decoded.replaceAll('%28', '(')
+    decoded = decoded.replaceAll('%29', ')')
+    return decoded
+  }
+
+  _extractLegacyBaggageItems (carrier, spanContext) {
+    if (this._config.legacyBaggageEnabled) {
+      Object.keys(carrier).forEach(key => {
+        const match = key.match(baggageExpr)
+
+        if (match) {
+          spanContext._baggageItems[match[1]] = carrier[key]
+        }
+      })
+    }
+  }
 
-      if (match) {
-        spanContext._baggageItems[match[1]] = carrier[key]
+  _extractBaggageItems (carrier, spanContext) {
+    const baggages = carrier.baggage.split(',')
+    for (const keyValue of baggages) {
+      if (!keyValue.includes('=')) {
+        spanContext._baggageItems = {}
+        return
       }
-    })
+      let [key, value] = keyValue.split('=')
+      key = this._decodeOtelBaggageKey(key.trim())
+      value = decodeURIComponent(value.trim())
+      if (!key || !value) {
+        spanContext._baggageItems = {}
+        return
+      }
+      // the current code assumes precedence of ot-baggage- (legacy opentracing baggage) over baggage
+      if (key in spanContext._baggageItems) return
+      spanContext._baggageItems[key] = value
+    }
   }
 
   _extractSamplingPriority (carrier, spanContext) {

package/packages/dd-trace/src/opentracing/span.js

@@ -145,6 +145,18 @@ class DatadogSpan {
     return this._spanContext._baggageItems[key]
   }
 
+  getAllBaggageItems () {
+    return JSON.stringify(this._spanContext._baggageItems)
+  }
+
+  removeBaggageItem (key) {
+    delete this._spanContext._baggageItems[key]
+  }
+
+  removeAllBaggageItems () {
+    this._spanContext._baggageItems = {}
+  }
+
   setTag (key, value) {
     this._addTags({ [key]: value })
     return this
@@ -168,6 +180,20 @@ class DatadogSpan {
     })
   }
 
+  addSpanPointer (ptrKind, ptrDir, ptrHash) {
+    const zeroContext = new SpanContext({
+      traceId: id('0'),
+      spanId: id('0')
+    })
+    const attributes = {
+      'ptr.kind': ptrKind,
+      'ptr.dir': ptrDir,
+      'ptr.hash': ptrHash,
+      'link.kind': 'span-pointer'
+    }
+    this.addLink(zeroContext, attributes)
+  }
+
   addEvent (name, attributesOrStartTime, startTime) {
     const event = { name }
     if (attributesOrStartTime) {

package/packages/dd-trace/src/opentracing/span_context.js

@@ -18,6 +18,7 @@ class DatadogSpanContext {
     this._tags = props.tags || {}
     this._sampling = props.sampling || {}
     this._spanSampling = undefined
+    this._links = props.links || []
     this._baggageItems = props.baggageItems || {}
     this._traceparent = props.traceparent
     this._tracestate = props.tracestate

package/packages/dd-trace/src/opentracing/tracer.js

@@ -52,8 +52,15 @@ class DatadogTracer {
       ? getContext(options.childOf)
       : getParent(options.references)
 
+    // as per spec, allow the setting of service name through options
     const tags = {
-      'service.name': this._service
+      'service.name': options?.tags?.service ? String(options.tags.service) : this._service
+    }
+
+    // As per unified service tagging spec if a span is created with a service name different from the global
+    // service name it will not inherit the global version value
+    if (options?.tags?.service && options.tags.service !== this._service) {
+      options.tags.version = undefined
     }
 
     const span = new Span(this, this._processor, this._prioritySampler, {

package/packages/dd-trace/src/payload-tagging/config/aws.json

@@ -17,14 +17,82 @@
       "$.Attributes.Token",
       "$.Endpoints.*.Token",
       "$.PhoneNumber",
-      "$.PhoneNumbers",
-      "$.phoneNumbers",
       "$.PlatformApplication.*.PlatformCredential",
       "$.PlatformApplication.*.PlatformPrincipal",
-      "$.Subscriptions.*.Endpoint"
+      "$.Subscriptions.*.Endpoint",
+      "$.PhoneNumbers[*].PhoneNumber",
+      "$.phoneNumbers[*]"
     ],
     "expand": [
       "$.MessageAttributes.*.StringValue"
     ]
+  },
+  "eventbridge": {
+    "request": [
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.BodyParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.BodyParameters[*].Value",
+      "$.Targets[*].RedshiftDataParameters.Sql",
+      "$.Targets[*].RedshiftDataParameters.Sqls",
+      "$.Targets[*].AppSyncParameters.GraphQLOperation",
+      "$.AuthParameters.BasicAuthParameters.Password",
+      "$.AuthParameters.OAuthParameters.ClientParameters.ClientSecret",
+      "$.AuthParameters.ApiKeyAuthParameters.ApiKeyValue"
+    ],
+    "response": [
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.BodyParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.BodyParameters[*].Value",
+      "$.Targets[*].RedshiftDataParameters.Sql",
+      "$.Targets[*].RedshiftDataParameters.Sqls",
+      "$.Targets[*].AppSyncParameters.GraphQLOperation"
+    ],
+    "expand": [
+    ]
+  },
+  "s3": {
+    "request": [
+      "$.SSEKMSKeyId",
+      "$.SSEKMSEncryptionContext",
+      "$.ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.KMSMasterKeyID",
+      "$.InventoryConfiguration.Destination.S3BucketDestination.Encryption.SSEKMS.KeyId",
+      "$.SSECustomerKey",
+      "$.CopySourceSSECustomerKey",
+      "$.RestoreRequest.OutputLocation.S3.Encryption.KMSKeyId"
+
+    ],
+    "response": [
+      "$.SSEKMSKeyId",
+      "$.SSEKMSEncryptionContext",
+      "$.ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.KMSMasterKeyID",
+      "$.InventoryConfiguration.Destination.S3BucketDestination.Encryption.SSEKMS.KeyId",
+      "$.Credentials.SecretAccessKey",
+      "$.Credentials.SessionToken",
+      "$.InventoryConfigurationList[*].Destination.S3BucketDestination.Encryption.SSEKMS.KeyId"
+    ],
+    "expand": [
+    ]
+  },
+  "sqs": {
+    "request": [
+    ],
+    "response": [
+    ],
+    "expand": [
+    ]
+  },
+  "kinesis": {
+    "request": [
+    ],
+    "response": [
+    ],
+    "expand": [
+    ]
   }
 }

package/packages/dd-trace/src/plugins/outbound.js

@@ -7,6 +7,7 @@ const {
   PEER_SERVICE_REMAP_KEY
 } = require('../constants')
 const TracingPlugin = require('./tracing')
+const { exitTags } = require('../../../datadog-code-origin')
 
 const COMMON_PEER_SVC_SOURCE_TAGS = [
   'net.peer.name',
@@ -25,6 +26,14 @@ class OutboundPlugin extends TracingPlugin {
     })
   }
 
+  startSpan (...args) {
+    const span = super.startSpan(...args)
+    if (this._tracerConfig.codeOriginForSpans.enabled) {
+      span.addTags(exitTags(this.startSpan))
+    }
+    return span
+  }
+
   getPeerService (tags) {
     /**
      * Compute `peer.service` and associated metadata from available tags, based

package/packages/dd-trace/src/plugins/tracing.js

@@ -101,9 +101,8 @@ class TracingPlugin extends Plugin {
     }
   }
 
-  startSpan (name, { childOf, kind, meta, metrics, service, resource, type } = {}, enter = true) {
+  startSpan (name, { childOf, kind, meta, metrics, service, resource, type, extractedLinks } = {}, enter = true) {
     const store = storage.getStore()
-
     if (store && childOf === undefined) {
       childOf = store.span
     }
@@ -119,7 +118,8 @@ class TracingPlugin extends Plugin {
         ...meta,
         ...metrics
       },
-      integrationName: type
+      integrationName: type,
+      links: extractedLinks
     })
 
     analyticsSampler.sample(span, this.config.measured)

package/packages/dd-trace/src/plugins/util/inferred_proxy.js

@@ -0,0 +1,121 @@
+const log = require('../../log')
+const tags = require('../../../../../ext/tags')
+
+const RESOURCE_NAME = tags.RESOURCE_NAME
+const HTTP_ROUTE = tags.HTTP_ROUTE
+const SPAN_KIND = tags.SPAN_KIND
+const SPAN_TYPE = tags.SPAN_TYPE
+const HTTP_URL = tags.HTTP_URL
+const HTTP_METHOD = tags.HTTP_METHOD
+
+const PROXY_HEADER_SYSTEM = 'x-dd-proxy'
+const PROXY_HEADER_START_TIME_MS = 'x-dd-proxy-request-time-ms'
+const PROXY_HEADER_PATH = 'x-dd-proxy-path'
+const PROXY_HEADER_HTTPMETHOD = 'x-dd-proxy-httpmethod'
+const PROXY_HEADER_DOMAIN = 'x-dd-proxy-domain-name'
+const PROXY_HEADER_STAGE = 'x-dd-proxy-stage'
+
+const supportedProxies = {
+  'aws-apigateway': {
+    spanName: 'aws.apigateway',
+    component: 'aws-apigateway'
+  }
+}
+
+function createInferredProxySpan (headers, childOf, tracer, context) {
+  if (!headers) {
+    return null
+  }
+
+  if (!tracer._config?.inferredProxyServicesEnabled) {
+    return null
+  }
+
+  const proxyContext = extractInferredProxyContext(headers)
+
+  if (!proxyContext) {
+    return null
+  }
+
+  const proxySpanInfo = supportedProxies[proxyContext.proxySystemName]
+
+  log.debug(`Successfully extracted inferred span info ${proxyContext} for proxy: ${proxyContext.proxySystemName}`)
+
+  const span = tracer.startSpan(
+    proxySpanInfo.spanName,
+    {
+      childOf,
+      type: 'web',
+      startTime: proxyContext.requestTime,
+      tags: {
+        service: proxyContext.domainName || tracer._config.service,
+        component: proxySpanInfo.component,
+        [SPAN_KIND]: 'internal',
+        [SPAN_TYPE]: 'web',
+        [HTTP_METHOD]: proxyContext.method,
+        [HTTP_URL]: proxyContext.domainName + proxyContext.path,
+        [HTTP_ROUTE]: proxyContext.path,
+        stage: proxyContext.stage
+      }
+    }
+  )
+
+  tracer.scope().activate(span)
+  context.inferredProxySpan = span
+  childOf = span
+
+  log.debug('Successfully created inferred proxy span.')
+
+  setInferredProxySpanTags(span, proxyContext)
+
+  return childOf
+}
+
+function setInferredProxySpanTags (span, proxyContext) {
+  span.setTag(RESOURCE_NAME, `${proxyContext.method} ${proxyContext.path}`)
+  span.setTag('_dd.inferred_span', '1')
+  return span
+}
+
+function extractInferredProxyContext (headers) {
+  if (!(PROXY_HEADER_START_TIME_MS in headers)) {
+    return null
+  }
+
+  if (!(PROXY_HEADER_SYSTEM in headers && headers[PROXY_HEADER_SYSTEM] in supportedProxies)) {
+    log.debug(`Received headers to create inferred proxy span but headers include an unsupported proxy type ${headers}`)
+    return null
+  }
+
+  return {
+    requestTime: headers[PROXY_HEADER_START_TIME_MS]
+      ? parseInt(headers[PROXY_HEADER_START_TIME_MS], 10)
+      : null,
+    method: headers[PROXY_HEADER_HTTPMETHOD],
+    path: headers[PROXY_HEADER_PATH],
+    stage: headers[PROXY_HEADER_STAGE],
+    domainName: headers[PROXY_HEADER_DOMAIN],
+    proxySystemName: headers[PROXY_HEADER_SYSTEM]
+  }
+}
+
+function finishInferredProxySpan (context) {
+  const { req } = context
+
+  if (!context.inferredProxySpan) return
+
+  if (context.inferredProxySpanFinished && !req.stream) return
+
+  // context.config.hooks.request(context.inferredProxySpan, req, res) # TODO: Do we need this??
+
+  // Only close the inferred span if one was created
+  if (context.inferredProxySpan) {
+    context.inferredProxySpan.finish()
+    context.inferredProxySpanFinished = true
+  }
+}
+
+module.exports = {
+  createInferredProxySpan,
+  finishInferredProxySpan
+}

package/packages/dd-trace/src/plugins/util/ip_extractor.js

@@ -8,7 +8,6 @@ const ipHeaderList = [
   'x-real-ip',
   'true-client-ip',
   'x-client-ip',
-  'x-forwarded',
   'forwarded-for',
   'x-cluster-client-ip',
   'fastly-client-ip',

package/packages/dd-trace/src/plugins/util/web.js

@@ -10,6 +10,7 @@ const kinds = require('../../../../../ext/kinds')
 const urlFilter = require('./urlfilter')
 const { extractIp } = require('./ip_extractor')
 const { ERROR_MESSAGE, ERROR_TYPE, ERROR_STACK } = require('../../constants')
+const { createInferredProxySpan, finishInferredProxySpan } = require('./inferred_proxy')
 
 const WEB = types.WEB
 const SERVER = kinds.SERVER
@@ -97,7 +98,7 @@ const web = {
       context.span.context()._name = name
       span = context.span
     } else {
-      span = web.startChildSpan(tracer, name, req.headers)
+      span = web.startChildSpan(tracer, name, req)
     }
 
     context.tracer = tracer
@@ -253,9 +254,20 @@ const web = {
   },
 
   // Extract the parent span from the headers and start a new span as its child
-  startChildSpan (tracer, name, headers) {
-    const childOf = tracer.extract(FORMAT_HTTP_HEADERS, headers)
-    const span = tracer.startSpan(name, { childOf })
+  startChildSpan (tracer, name, req) {
+    const headers = req.headers
+    const context = contexts.get(req)
+    let childOf = tracer.extract(FORMAT_HTTP_HEADERS, headers)
+
+    // we may have headers signaling a router proxy span should be created (such as for AWS API Gateway)
+    if (tracer._config?.inferredProxyServicesEnabled) {
+      const proxySpan = createInferredProxySpan(headers, childOf, tracer, context)
+      if (proxySpan) {
+        childOf = proxySpan
+      }
+    }
+
+    const span = tracer.startSpan(name, { childOf, extractedLinks: childOf?.links })
 
     return span
   },
@@ -263,13 +275,21 @@ const web = {
   // Validate a request's status code and then add error tags if necessary
   addStatusError (req, statusCode) {
     const context = contexts.get(req)
-    const span = context.span
-    const error = context.error
-    const hasExistingError = span.context()._tags.error || span.context()._tags[ERROR_MESSAGE]
+    const { span, inferredProxySpan, error } = context
 
-    if (!hasExistingError && !context.config.validateStatus(statusCode)) {
+    const spanHasExistingError = span.context()._tags.error || span.context()._tags[ERROR_MESSAGE]
+    const inferredSpanContext = inferredProxySpan?.context()
+    const inferredSpanHasExistingError = inferredSpanContext?._tags.error || inferredSpanContext?._tags[ERROR_MESSAGE]
+
+    const isValidStatusCode = context.config.validateStatus(statusCode)
+
+    if (!spanHasExistingError && !isValidStatusCode) {
       span.setTag(ERROR, error || true)
     }
+
+    if (inferredProxySpan && !inferredSpanHasExistingError && !isValidStatusCode) {
+      inferredProxySpan.setTag(ERROR, error || true)
+    }
   },
 
   // Add an error to the request
@@ -316,6 +336,8 @@ const web = {
     web.finishMiddleware(context)
 
     web.finishSpan(context)
+
+    finishInferredProxySpan(context)
   },
 
   obfuscateQs (config, url) {
@@ -426,7 +448,7 @@ function reactivate (req, fn) {
 }
 
 function addRequestTags (context, spanType) {
-  const { req, span, config } = context
+  const { req, span, inferredProxySpan, config } = context
   const url = extractURL(req)
 
   span.addTags({
@@ -443,6 +465,7 @@ function addRequestTags (context, spanType) {
 
     if (clientIp) {
       span.setTag(HTTP_CLIENT_IP, clientIp)
+      inferredProxySpan?.setTag(HTTP_CLIENT_IP, clientIp)
     }
   }
 
@@ -450,7 +473,7 @@ function addRequestTags (context, spanType) {
 }
 
 function addResponseTags (context) {
-  const { req, res, paths, span } = context
+  const { req, res, paths, span, inferredProxySpan } = context
 
   if (paths.length > 0) {
     span.setTag(HTTP_ROUTE, paths.join(''))
@@ -459,6 +482,9 @@ function addResponseTags (context) {
   span.addTags({
     [HTTP_STATUS_CODE]: res.statusCode
   })
+  inferredProxySpan?.addTags({
+    [HTTP_STATUS_CODE]: res.statusCode
+  })
 
   web.addStatusError(req, res.statusCode)
 }
@@ -477,7 +503,7 @@ function addResourceTag (context) {
 }
 
 function addHeaders (context) {
-  const { req, res, config, span } = context
+  const { req, res, config, span, inferredProxySpan } = context
 
   config.headers.forEach(([key, tag]) => {
     const reqHeader = req.headers[key]
@@ -485,10 +511,12 @@ function addHeaders (context) {
 
     if (reqHeader) {
       span.setTag(tag || `${HTTP_REQUEST_HEADERS}.${key}`, reqHeader)
+      inferredProxySpan?.setTag(tag || `${HTTP_REQUEST_HEADERS}.${key}`, reqHeader)
     }
 
     if (resHeader) {
       span.setTag(tag || `${HTTP_RESPONSE_HEADERS}.${key}`, resHeader)
+      inferredProxySpan?.setTag(tag || `${HTTP_RESPONSE_HEADERS}.${key}`, resHeader)
     }
   })
 }