why - for debugging and analytics. we want the ability to "tag" requests that match a specific payload.

who - security, development and operations teams would use this for troubleshooting and analytics. once a header is added, it will be in the logs, and so it could be used for marketing analytics as well. Consider companies using Adobe /graphql which all calls are in on the same API signature, a POST to /graphql. The only difference is the payload might be an "address scrub" or a "login" or a "credit card payment". If we could add a customer header with name value pair such as "flow_type" / "address scrub", based on a payload regex in the common security policy, then we could later build dashboards and analytics showing what ratio of POSTs to /graphql are address scrubs vs logins vs credit card payments.

how - In Routes we cannot match based on payload, only on method and URL path. Since XC is not currently allowing for payload logging. One way would be to allow payload matching in Route objects and then we can add a customer header to indicate the match. The other way would be to allow request and response header additions via common security policy, the same way its allowed in Routes.