Header No X Prefix

header-no-x-prefix

info experience: namingexperience: consistency spec: parametersspec: headers

HTTP header '{{value}}' SHOULD NOT start with 'X-' in {{path}}

‘HTTP’ headers SHOULD NOT start with ‘X-‘ RFC6648.

Rule definition

The full Spotlight rule — drop it into a ruleset (.spotlight.yaml / .spectral.yaml) and run it with any Spotlight tool.

header-no-x-prefix:
  title: Header No X Prefix
  reference: https://spotlight-rules.com/spec/rules/openapi/header-no-x-prefix/
  description: "'HTTP' headers SHOULD NOT start with 'X-' RFC6648."
  message: HTTP header '{{value}}' SHOULD NOT start with 'X-' in {{path}}
  severity: info
  given:
    - $..parameters[?(@.in == 'header')].name
  then:
    function: pattern
    functionOptions:
      match: /^([^x]|.[^-])|RateLimit-/i
  tags:
    - format:openapi
    - spec:parameters
    - spec:headers
    - experience:naming
    - experience:consistency
  prompt: "You are editing an OpenAPI document to satisfy the Spotlight API
    governance rule 'header-no-x-prefix' (Header No X Prefix). Requirement:
    'HTTP' headers SHOULD NOT start with 'X-' RFC6648. To fix: Ensure the
    targeted value matches the regular expression `/^([^x]|.[^-])|RateLimit-/i`;
    rewrite any value that does not. This rule is evaluated at the JSONPath
    `$..parameters[?(@.in == 'header')].name` — inspect every location it
    matches and correct only what violates the rule. Make the smallest change
    that satisfies the rule, leave all unrelated content, key order, comments,
    and formatting unchanged, and keep the document valid OpenAPI. Return only
    the complete corrected document, with no commentary."
AI fix prompt — send this to Claude, Gemini, or ChatGPT with your artifact to auto-fix this rule 
You are editing an OpenAPI document to satisfy the Spotlight API governance rule 'header-no-x-prefix' (Header No X Prefix). Requirement: 'HTTP' headers SHOULD NOT start with 'X-' RFC6648. To fix: Ensure the targeted value matches the regular expression `/^([^x]|.[^-])|RateLimit-/i`; rewrite any value that does not. This rule is evaluated at the JSONPath `$..parameters[?(@.in == 'header')].name` — inspect every location it matches and correct only what violates the rule. Make the smallest change that satisfies the rule, leave all unrelated content, key order, comments, and formatting unchanged, and keep the document valid OpenAPI. Return only the complete corrected document, with no commentary.
ArtifactOpenAPI
Applies at (given)$..parameters[?(@.in == 'header')].name
Severityinfo — educational by default; raise to warn/error to enforce
Referencehttps://spotlight-rules.com/spec/rules/openapi/header-no-x-prefix/
← Header Names Hyphenated Pascal Case
all OpenAPI rules
Header Require Examples →