HTTP(s) Headers are key-value pairs that can be used by the client or server to pass additional information along with an HTTP(s) request or response. An HTTP(s) header consists of its case-insensitive name followed by a colon (:), then by its value.
Headers carry data about the data being transferred. The ability to modify the headers of traffic that pass through your browser easily is what every developer would want to have.
Requestly can be used to modify request and response headers in simple clicks.
Here's a quick demo video:
Step-by-Step Guide to creating Modify Headers Rule
1. Select Modify Headers option
From the Select Rule options, click on Modify Headers and click on Create Rule button.

2. Request URL
Define the Request URL (exact URL or URL pattern) on which you want to modify the request or response headers. You can also leave this empty in which case modification will apply to all URLs in your browser.

3. Select Request Headers or Response Headers
All Request Headers modifications go under the left tab and all Response Header modifications go under the right tab.

4. Different Modification Options
- Add Header
- Remove Header
- Override Header
Add Header adds a new <header, value> to existing headers. Remove header removes the <header> from existing headers. Override header option only modifies the existing header. If the header doesn’t exist, It won’t add a new header.

5. Define Multiple modifications
You can combine multiple header modifications for the same URL pattern defined in the rule.


Modify Headers in Safari
Download the Requestly desktop app to modify headers in safari and other apps.
Modify Headers in your Android app
Download Request Android Debugger to modify headers in your android app.
When modifying headers is helpful?
Open websites in iframe for testing
Sometimes you need to open pages in iframe, but response headers like X-Frame-Options and Content-Security-Policy does not allow it to prevent clickjacking. Using Requestly, you can modify this header to allow the website to be opened in iframe.
Remove Content-Security-Policy
Content-Security-Policy response header is added to the website to prevent injection of external scripts but sometimes while testing it is required to inject scripts. Requestly can be used to remove CSP response header.
Access Kubernetes dashboard by modifying Authorization header
You can access dashboard, you simply need to pass Authorization: Bearer <token> in every request to Dashboard. Requestly enables you to quickly modify the header.
Find more information here.
Add custom request headers
Custom request headers can be added to manage features. Generally x-custom-header convention is followed.
Change Content-Type of the requested resource.
Test sites in production
To test sites in production, one can use local backend with the production site but here the browser can give CORS errors.
The following response headers can be modified using Requestly to test sites in production.
- Access-Control-Allow-Origin
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Allow-Credentials
Modifying headers happens to be a powerful tool in the hands of the developer.
Requestly offers more than just modifying http headers, you can mock API responses, redirect URLs, delay/throttle requests, insert custom scripts and much more!
Happy Debugging 🚀