Use Cases


min read

How to modify Headers in HTTP(s) Requests and Responses in Chrome, Firefox & Safari using Requestly

Sachin Jain

Founder & CEO

HTTP(s) Headers are key-value pairs that can be used by the client or server to pass additional information along with an HTTP(s) request or response. An HTTP(s) header consists of its case-insensitive name followed by a colon (:), then by its value.

Headers carry data about the data being transferred. The ability to modify the headers of traffic that pass through your browser easily is what every developer would want to have.

Requestly can be used to modify request and response headers in simple clicks.

Here's a quick demo video:

Step-by-Step Guide to creating Modify Headers Rule

1. Select Modify Headers option

From the Select Rule options, click on Modify Headers and click on Create Rule button.

2. Request URL

Define the Request URL (exact URL or URL pattern) on which you want to modify the request or response headers. You can also leave this empty in which case modification will apply to all URLs in your browser.

3. Select Request Headers or Response Headers

All Request Headers modifications go under the left tab and all Response Header modifications go under the right tab.

4. Different Modification Options

  • Add Header
  • Remove Header
  • Override Header

Add Header adds a new <header, value> to existing headers. Remove header removes the <header> from existing headers. Override header option only modifies the existing header. If the header doesn’t exist, It won’t add a new header.

5. Define Multiple modifications

You can combine multiple header modifications for the same URL pattern defined in the rule.

Modify Headers in Safari

Download the Requestly desktop app to modify headers in safari and other apps.

Modify Headers in your Android app

Download Request Android Debugger to modify headers in your android app.

When modifying headers is helpful?

Open websites in iframe for testing

Sometimes you need to open pages in iframe, but response headers like X-Frame-Options and Content-Security-Policy does not allow it to prevent clickjacking. Using Requestly, you can modify this header to allow the website to be opened in iframe.

Remove Content-Security-Policy

Content-Security-Policy response header is added to the website to prevent injection of external scripts but sometimes while testing it is required to inject scripts. Requestly can be used to remove CSP response header.

Access Kubernetes dashboard by modifying Authorization header

You can access dashboard, you simply need to pass Authorization: Bearer <token> in every request to Dashboard. Requestly enables you to quickly modify the header.

Find more information here.

Add custom request headers

Custom request headers can be added to manage features. Generally x-custom-header convention is followed.

Change Content-Type of the requested resource.

Test sites in production

To test sites in production, one can use local backend with the production site but here the browser can give CORS errors.

The following response headers can be modified using Requestly to test sites in production.

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Allow-Credentials

Modifying headers happens to be a powerful tool in the hands of the developer.

Requestly offers more than just modifying http headers, you can mock API responses, redirect URLs, delay/throttle requests, insert custom scripts and much more!

Happy Debugging 🚀


Keep reading

All Posts

Go next