Request Modification — Modify Headers

Getting Started
Installation
Setup
Inspect Traffic
HTTP Rules (Modify Traffic)
Session Book
Mock Server
API Client
File Server
Workspace
Public API
FAQ
Guides
TroubleShooting
Subscription & Billing
Getting Started
Installation
Setup
Inspect Traffic
API Client
HTTP Rules (Modify Traffic)
Mock Server
File Server
Workspace
Public API
Sessions Replay
Guides
Session Book
Subscription & Billing
TroubleShooting
 

Modify Headers

 
HTTP(s) Headers are key-value pairs that are used to pass additional information with an HTTP(s) request or response. Developers often desire the ability to easily modify the headers of traffic that pass through their browsers.
Requestly provides a simple solution to accomplish this, allowing developers to add new headers, remove existing headers and override existing header values in a few clicks.
notion image
  1. Source Condition: Source condition is where you set criteria for the rules. You can use URLHost, or Path with RegexContainsWildcard, or Equals to match the source request. Learn more about Source Conditions here.
  1. Request Headers : Select this tab to modify the Request Headers of the Request.
  1. Response Headers : Select this tab to modify the Response Headers of the Request.
  1. Header Modification : This is where the header modification will happen. You can AddRemove, or Override the headers.
  1. Source Filters : You can define better targeting conditions and restrict rules to be applied on specific web pages (or domains), request types, request methods, or request payloads. Learn more about source filters here.

Popular use cases

  • Open websites in an iframe for testing: Response headers like X-Frame-Options and Content-Security-Policy don’t allow you to open pages in iframes to prevent clickjacking. Using Requestly, you can modify this header to allow the websites to be opened in an iframe.
  • Remove Content-Security-Policy: Content-Security-Policy response header is added to the website to prevent injection of external scripts. Requestly can be used to remove the CSP response header for testing purposes.
  • Debugging CORS Issues: To debug CORS errors in the browser, you can modify response headers like Access-Control-Allow-OriginAccess-Control-Allow-MethodsAccess-Control-Allow-Headers and Access-Control-Allow-Credentials.
  • Access the Kubernetes dashboard: You can access the Kubernetes dashboard by modifying the Authorization header. In order to do that, you need to pass Authorization: Bearer <token> in every request to Dashboard. You can find more information here.
 
Modify Headers in Safari: Download the Requestly desktop app to modify headers in safari and other apps.
 
Video preview

FAQs

Response Headers not showing in browser network panel
Due to technical constraints, request headers modified using Requestly won't show up in the browser network panel.
But the headers actually received by the server are modified.
You can see the modified headers sent to the server in the Desktop App `Network Traffic` Section
 
You can check whether the rule is returning correct response header or not using this code in console
fetch("<url>") .then(data => { console.log(data.headers.get("<header-name>"))} )