Two HTTP headers related to Service Workers you never may have heard of

The second one will make you talk to your webmaster…

Thomas Steiner
Mar 22, 2019 · 4 min read

The other day, one of my former Google Mobile Solutions Consultant colleagues sent an email to an internal mailing list that (paraphrased) went like this:

“I was shocked that during now more than two years of supporting Service Worker implementations, I only found out about the service-worker-allowed header today.” 😳

I suspect at least some of you are the same, so let me explain not just this, but also a second interesting HTTP header related to Service Workers that are both probably not the ones you read about when you follow any of the many Service Worker tutorials out there.

Header № 1: `service-worker-allowed`

This is one of the a little more obscure Service Worker features, but it’s very useful. You can see it in action on Google Docs, where the URL you’re on with multi-account login is something like (the final number determines the active account), but where the actual Service Worker JavaScript file comes from (your query parameters may differ).

Now why does this matter? Let’s briefly recall the concept of a Service Worker’s scope: The scope of the Service Worker determines which files the Service Worker controls, in other words, from which path the Service Worker will intercept requests. The default scope is the location of the Service Worker file, and extends to all directories below. So if serviceworker.js is located in the root directory, the Service Worker will control requests from all files at this domain.

Now you may notice that in the case of Google Docs, the default scope would be, which is not enough, as the user is working in This is where finally the service-worker-allowed header comes in. It allows Google Docs to ask for a wider scope of instead 🎉. This header is supported by all browsers and if you’re interested in all the details, this is the deep link to the header’s section in the spec. You can see it in action in the screenshot below.

Image for post
Image for post

Header № 2: `service-worker`

As we’re at it, another header you might not have heard of is service-worker. It indicates when a request is for a Service Worker’s script resource and helps administrators and webmasters log such requests and detect threats (so talk to them, they’ll probably appreciate it; Jake Archibald’s article has all the details). This header as well is supported by all browsers, and here is the deep link to its section in the spec. You can see it in action when you go to Facebook. Facebook’s Service Worker comes from, but if you try to open this URL, you’ll not see the JavaScript code, but a Facebook error page. You actually need to send the header in order for Facebook to return the code.

Image for post
Image for post

This initially caught me when I developed the 👷‍♀️ 👷 Service Worker Detector browser extension, but after reading the spec, I was then sending the correct header in the extension’s content script, so that it now works as expected.

Image for post
Image for post

If you encounter this header being required by the server, for quick debugging sessions in the browser or from the terminal, a cool Chrome DevTools tip is to right-click the Service Worker request and then “Copy as cURL” or “Copy as fetch”. 👌

Image for post
Image for post

Did you know about these headers? Let me know in the comments or ping me, @tomayac, on Twitter. Oh, by the way, while I still have your attention, the Mobile Solutions Consultant team (my former team) are hiring, and so is my current team, the Chrome Developer Relations team, where we’re looking for Developer Advocates and Developer Programs Engineers

Dev Channel

Developers Channel - the thoughts, opinions and musings…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store