The Approved Header Field List for Gmail specifies the header field criteria for email messages in Gmail to bypass policy scanning when a message matches any of the criteria.
If you want certain email messages to skip scanning by all policies, for example, to do a phishing simulation campaign via email, you can create a global approved list so messages that match the header field criteria will not be scanned by all enabled Advanced Threat Protection and Data Loss Prevention policies for Gmail and will be delivered to the intended recipients.
You can configure the list first and enable it later when you need to.
The specified entry appears in the area below.
When the specified header field of an email message contains or exactly matches with the specified value depending on whether Contains or Equals is selected, the message will not be scanned by all enabled ATP and DLP policies for Gmail.
Be aware that Name and Value are case sensitive, and wildcard characters and regular expressions are not supported.
The header field name and value cannot exceed 128 characters.
The email message whose header field hits any of the specified entries will bypass policy scanning.
A maximum of 10 header fields is supported.