What http headers are used by the SonarQube extension for AzureDevOps

We’re self-hosting a SonarQube (SQ) instance in AWS - we’ve installed the SQ extension in AzureDevOps, which makes calls to the SQ instance to scan our code during build. Pretty standard so far.

Given the difficulties in IP whitelisting AzureDevOps, we’ve opted instead to protect our SQ instance with the AWS WAF. I’m wondering what headers are used by the SQ extension in AzureDevOps, so we can identify (and allow) that traffic in the WAF rules.

Or alteratively if there is some way to set a custom header that we can look for?

i.e. unless traffic has the [SQ header] or a [custom header] then BLOCK.