webRequest.onBeforeSendHeaders
This event is triggered before sending any HTTP data, but after all HTTP headers are available. This is a good place to listen if you want to modify HTTP request headers.
To have the request headers passed into the listener along with the rest of the request data, pass "requestHeaders"
in the extraInfoSpec
array.
To modify the headers synchronously: pass "blocking"
in extraInfoSpec
, then in your event listener, return a BlockingResponse
with a property named requestHeaders
, whose value is the set of request headers to send.
To modify the headers asynchronously: pass "blocking"
in extraInfoSpec
, then in your event listener, return a Promise
which is resolved with a BlockingResponse
.
If you use "blocking"
, you must have the "webRequestBlocking" API permission in your manifest.json.
It is possible for extensions to conflict here. If two extensions listen to onBeforeSendHeaders
for the same request, then the second listener will see modifications made by the first listener, and will be able to undo any changes made by the first listener. For example, if the first listener adds a Cookie
header, and the second listener strips all Cookie
headers, then the first listener's modifications will be lost. If you want to see the headers that are actually sent, without the risk that another extension will subsequently alter them, use onSendHeaders
, although you can't modify headers on this event.
Not all headers actually sent are always included in requestHeaders
. In particular, headers related to caching (for example, Cache-Control
, If-Modified-Since
, If-None-Match
) are never sent. Also, behavior here may differ across browsers.
According to the specification, header names are case-insensitive. This means that to match a particular header, the listener should lowercase the name before comparing it:
for (const header of e.requestHeaders) {
if (header.name.toLowerCase() === desiredHeader) {
// process header
}
}
The browser preserves the original case of the header name as generated by the browser. If the extension's listener changes the case, this change will not be kept.
Syntax
browser.webRequest.onBeforeSendHeaders.addListener(
listener, // function
filter, // object
extraInfoSpec // optional array of strings
)
browser.webRequest.onBeforeSendHeaders.removeListener(listener)
browser.webRequest.onBeforeSendHeaders.hasListener(listener)
Events have three functions:
addListener(listener, filter, extraInfoSpec)
-
Adds a listener to this event.
removeListener(listener)
-
Stop listening to this event. The
listener
argument is the listener to remove. hasListener(listener)
-
Check whether
listener
is registered for this event. Returnstrue
if it is listening,false
otherwise.
addListener syntax
Parameters
listener
-
The function called when this event occurs. The function is passed this argument:
details
-
object
. Details of the request. This includes request headers if you have included"requestHeaders"
inextraInfoSpec
. See the details section for more information.
Returns:
webRequest.BlockingResponse
. If"blocking"
is specified in theextraInfoSpec
parameter, the event listener should return aBlockingResponse
object, and can set itsrequestHeaders
property. filter
-
webRequest.RequestFilter
. A set of filters that restricts the events that is sent to this listener. extraInfoSpec
Optional-
array
ofstring
. Extra options for the event. You can pass any of the following values:"blocking"
: make the request synchronous, so you can modify request headers"requestHeaders"
: include the request headers in thedetails
object passed to the listener
Additional objects
details
-
string
. If the request is from a tab open in a contextual identity, the cookie store ID of the contextual identity. See Work with contextual identities for more information. documentUrl
-
string
. URL of the document in which the resource will be loaded. For example, if the web page at "https://example.com" contains an image or an iframe, then thedocumentUrl
for the image or iframe will be "https://example.com". For a top-level document,documentUrl
is undefined. frameAncestors
-
array
. Contains information for each document in the frame hierarchy up to the top-level document. The first element in the array contains information about the immediate parent of the document being requested, and the last element contains information about the top-level document. If the load is actually for the top-level document, then this array is empty. frameId
-
integer
. Zero if the request happens in the main frame; a positive value is the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type
ismain_frame
orsub_frame
),frameId
indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab. incognito
-
boolean
. Whether the request is from a private browsing window. method
-
string
. Standard HTTP method: for example, "GET" or "POST". originUrl
-
string
. URL of the resource which triggered the request. For example, if "https://example.com" contains a link, and the user clicks the link, then theoriginUrl
for the resulting request is "https://example.com".The
originUrl
is often but not always the same as thedocumentUrl
. For example, if a page contains an iframe, and the iframe contains a link that loads a new document into the iframe, then thedocumentUrl
for the resulting request will be the iframe's parent document, but theoriginUrl
will be the URL of the document in the iframe that contained the link. parentFrameId
-
integer
. ID of the frame that contains the frame which sent the request. Set to -1 if no parent frame exists. proxyInfo
-
object
. This property is present only if the request is being proxied. It contains the following properties:host
-
string
. The hostname of the proxy server. port
-
integer
. The port number of the proxy server. type
-
string
. The type of proxy server. One of:- "http": HTTP proxy (or SSL CONNECT for HTTPS)
- "https": HTTP proxying over TLS connection to proxy
- "socks": SOCKS v5 proxy
- "socks4": SOCKS v4 proxy
- "direct": no proxy
- "unknown": unknown proxy
username
-
string
. Username for the proxy service. proxyDNS
-
boolean
. True if the proxy will perform domain name resolution based on the hostname supplied, meaning that the client should not do its own DNS lookup. failoverTimeout
-
integer
. Failover timeout in seconds. If the proxy connection fails, the proxy will not be used again for this period.
requestHeaders
Optional-
webRequest.HttpHeaders
. The HTTP request headers that will be sent with this request. requestId
-
string
. The ID of the request. Request IDs are unique within a browser session, so you can use them to relate different events associated with the same request. tabId
-
integer
. ID of the tab in which the request takes place. Set to -1 if the request isn't related to a tab. thirdParty
-
boolean
. Indicates whether the request and its content window hierarchy are third party. timeStamp
-
number
. The time when this event fired, in milliseconds since the epoch. type
-
webRequest.ResourceType
. The type of resource being requested: for example, "image", "script", "stylesheet". url
-
string
. Target of the request. urlClassification
-
object
. The type of tracking associated with the request, if the request is classified by Firefox Tracking Protection. This is an object with these properties:firstParty
-
array
ofstrings
. Classification flags for the request's first party. thirdParty
-
array
ofstrings
. Classification flags for the request or its window hierarchy's third parties.
The classification flags include:
fingerprinting
andfingerprinting_content
: indicates the request is involved in fingerprinting ("an origin found to fingerprint").fingerprinting
indicates the domain is in the fingerprinting and tracking category. Examples of this type of domain include advertisers who want to associate a profile with the visiting user.fingerprinting_content
indicates the domain is in the fingerprinting category but not the tracking category. Examples of this type of domain include payment providers who use fingerprinting techniques to identify the visiting user for anti-fraud purposes.
cryptomining
andcryptomining_content
: similar to the fingerprinting category but for cryptomining resources.tracking
,tracking_ad
,tracking_analytics
,tracking_social
, andtracking_content
: indicates the request is involved in tracking.tracking
is any generic tracking request, thead
,analytics
,social
, andcontent
suffixes identify the type of tracker.emailtracking
andemailtracking_content
: indicates the request is involved in tracking emails.any_basic_tracking
: a meta flag that combines tracking and fingerprinting flags, excludingtracking_content
andfingerprinting_content
.any_strict_tracking
: a meta flag that combines all tracking and fingerprinting flags.any_social_tracking
: a meta flag that combines all social tracking flags.
You can find more information on tracker types on the disconnect.me website. The
content
suffix indicates trackers that track and serve content. Blocking them protects users but can lead to sites breaking or elements not being displayed.
Browser compatibility
BCD tables only load in the browser
Examples
This code changes the "User-Agent" header so the browser identifies itself as Opera 12.16, but only when visiting pages under https://httpbin.org/
.
"use strict";
/*
This is the page for which we want to rewrite the User-Agent header.
*/
const targetPage = "https://httpbin.org/*";
/*
Set UA string to Opera 12
*/
const ua =
"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16";
/*
Rewrite the User-Agent header to "ua".
*/
function rewriteUserAgentHeader(e) {
for (const header of e.requestHeaders) {
if (header.name.toLowerCase() === "user-agent") {
header.value = ua;
}
}
return { requestHeaders: e.requestHeaders };
}
/*
Add rewriteUserAgentHeader as a listener to onBeforeSendHeaders,
only for the target page.
Make it "blocking" so we can modify the headers.
*/
browser.webRequest.onBeforeSendHeaders.addListener(
rewriteUserAgentHeader,
{ urls: [targetPage] },
["blocking", "requestHeaders"],
);
This code is exactly like the previous example, except that the listener is asynchronous, returning a Promise
which is resolved with the new headers:
"use strict";
/*
This is the page for which we want to rewrite the User-Agent header.
*/
const targetPage = "https://httpbin.org/*";
/*
Set UA string to Opera 12
*/
const ua =
"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16";
/*
Rewrite the User-Agent header to "ua".
*/
function rewriteUserAgentHeaderAsync(e) {
const asyncRewrite = new Promise((resolve, reject) => {
setTimeout(() => {
for (const header of e.requestHeaders) {
if (header.name.toLowerCase() === "user-agent") {
header.value = ua;
}
}
resolve({ requestHeaders: e.requestHeaders });
}, 2000);
});
return asyncRewrite;
}
/*
Add rewriteUserAgentHeader as a listener to onBeforeSendHeaders,
only for the target page.
Make it "blocking" so we can modify the headers.
*/
browser.webRequest.onBeforeSendHeaders.addListener(
rewriteUserAgentHeaderAsync,
{ urls: [targetPage] },
["blocking", "requestHeaders"],
);
Example extensions
Note: This API is based on Chromium's chrome.webRequest
API. This documentation is derived from web_request.json
in the Chromium code.