List of Headers not allowed to be modified by Chrome Extensions

Requestly is the first choice in chrome and firefox extensions when user wants to modify request and response headers. This is really helpful in development and debugging in various scenarios.

Requestly released Header Modification feature in Jan, 2015 and since then so many people have reached out to us on various platforms (mai, twitter, facebook, github, chrome store) with similar questions and hence this article is being written to be referred for such future requests.

List of Request Headers — Browsers don’t allow extension to modify

Here is an excerpt from chrome webRequest API documentation:

The following headers are currently not provided to theonBeforeSendHeaders event. This list is not guaranteed to be complete nor stable.

  • Authorization
  • Cache-Control
  • Connection
  • Content-Length
  • Host
  • If-Modified-Since
  • If-None-Match
  • If-Range
  • Partial-Data
  • Pragma
  • Proxy-Authorization
  • Proxy-Connection
  • Transfer-Encoding

Above list of headers are not allowed to be modified by chrome+firefox extensions So if you are trying to modify a header from above list, you now know the reason why it does not work.

Modifications in Response Headers are not visible in DevTools

This is another popular question we receive.

Headers rule containing response header modifications actually works but the modifications are not visible in developer tools. However, modifications in request headers are visible in developer tools.

Reason for this is chrome/firefox don’t want to wait for extensions to finish their modifications before rendering them in dev tools. Implementation of developer tools is such that they receive headers as soon as response is received and extensions are given the headers for modifications. So behind the scenes, modification is applied as long as your rule is fine but you may not know it.But this is hard to debug and it is an open problem.

Here is the Chromium Bug/Pending feature in which this point was raised and probably this has not prioritised yet.

Here is an example of how you can setup a Header rule. Let us know if you have any questions or feedback. Feel free to reach out to or tweet us at @requestly_ext.

Like what you read? Give Requestly a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.