Two HTTP headers related to Service Workers you never may have heard of

The second one will make you talk to your webmaster…

Thomas Steiner
Mar 22 · 4 min read

Header № 1: `service-worker-allowed`

This is one of the a little more obscure Service Worker features, but it’s very useful. You can see it in action on Google Docs, where the URL you’re on with multi-account login is something like https://docs.google.com/document/u/0/ (the final number determines the active account), but where the actual Service Worker JavaScript file comes from https://docs.google.com/document/offline/serviceworker.js?ouid=ude32cf1e51077bff&zx=hyah3kexco7d (your query parameters may differ).

HTTP header `service-worker-allowed` in action on Google Docs

Header № 2: `service-worker`

As we’re at it, another header you might not have heard of is service-worker. It indicates when a request is for a Service Worker’s script resource and helps administrators and webmasters log such requests and detect threats (so talk to them, they’ll probably appreciate it; Jake Archibald’s article has all the details). This header as well is supported by all browsers, and here is the deep link to its section in the spec. You can see it in action when you go to Facebook. Facebook’s Service Worker comes from https://www.facebook.com/sw?s=push, but if you try to open this URL, you’ll not see the JavaScript code, but a Facebook error page. You actually need to send the header in order for Facebook to return the code.

HTTP header `service-worker` in action on Facebook
👷‍♀️ 👷 Service Worker Detector browser extension running on Facebook
Fetch a resource exactly as the browser did with “Copy as cURL” or “Copy as fetch”

Dev Channel

Developers Channel - the thoughts, opinions and musings from members of the Chrome team.

Thomas Steiner

Written by

Web Developer Advocate at Google

Dev Channel

Developers Channel - the thoughts, opinions and musings from members of the Chrome team.