@ILoveHostasaurus

What is s.apitype used for and does it have cardinals?

Is s.apitype used to issue a server header response?

Does uri.mvc issue s.apitype of 'Redirect' for cannonical urls?

And somewhat related:

I've sometime notice bot spam coming through proxys. Can s.HTTP_X_FORWARDED_FOR and s.HTTP_X_REAL_IP be used to investigate them further?

I'd recommend posting in the MivaScript / Empresa channel on the apitype question as I'm not familiar with that variable. For the forwarding headers, a visitor can send any header if it's otherwise valid from a protocol standpoint, so x-forwarded-for, etc. generally should not be trusted unless they've come from a trusted IP. For sites with us that have Cloudflare active, we only trust that header if it has come from a Cloudflare IP. However, at the Miva Merchant / script level, you would not know if it's trustworthy, so you should only rely on the MivaScript remote IP variable, as that will always be either the actual IP or a substitution from a trusted forward header.

Thank you.