Sec-WebSocket-Key

The HTTP Sec-WebSocket-Key request header is used during the WebSocket opening handshake to let a client (user agent) confirm that it genuinely intends to upgrade the connection to a WebSocket.
The key is handled according to a public algorithm specified in the WebSocket protocol, so it does not provide security.
Rather, it serves to prevent non-WebSocket clients from unintentionally or mistakenly requesting a WebSocket connection.

This header is automatically added by user agents when a script initiates a WebSocket connection. It cannot be set manually using the fetch() or XMLHttpRequest.setRequestHeader() methods.

The server’s Sec-WebSocket-Accept response header should include a value derived from the specified key, allowing the user agent to validate the response before confirming the connection.

Header type: Request header
Forbidden request header: Yes (Sec- prefix)

Syntax

Sec-WebSocket-Key: <key>

Directives

<key>: The key for this request to upgrade. This is a randomly selected 16-byte nonce that has been base64-encoded and isomorphic encoded. The user agent adds this when initiating the WebSocket connection.

Example

The client initiates a WebSocket handshake by sending a request that begins as an HTTP GET request (HTTP/1.1 or later). This request includes a header called Sec-WebSocket-Key and an Upgrade header, which indicates the desire to upgrade from an HTTP connection to a WebSocket connection.

The handshake request typically looks like this:

GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13

In response, the server should reply with a status indicating a protocol switch and include a header called Sec-WebSocket-Accept, which is computed from the Sec-WebSocket-Key sent in the request. This confirms that the server agrees to establish a WebSocket connection:

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
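
The derivation behind the two header values above, as an added example (not code from this page or from Requestly). It follows the algorithm in RFC 6455: the server checks that the key decodes to 16 bytes, then returns the base64-encoded SHA-1 of the key concatenated with a fixed, public GUID. The function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

# Fixed GUID from RFC 6455. It is public, so anyone can compute the accept
# value: the exchange shows protocol intent, not identity or authorization.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def parse_key(header_value: str) -> bytes:
    """Server side: return the 16-byte nonce or raise ValueError."""
    value = header_value.strip()
    try:
        # validate=True rejects characters outside the base64 alphabet
        nonce = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("Sec-WebSocket-Key is not valid base64") from exc
    if len(nonce) != 16:
        raise ValueError(f"nonce is {len(nonce)} bytes, expected 16")
    return nonce


def compute_accept(header_value: str) -> str:
    """Server side: derive Sec-WebSocket-Accept from Sec-WebSocket-Key."""
    parse_key(header_value)  # refuse malformed keys before answering with 101
    # The hash covers the header text as sent, not the decoded nonce.
    material = (header_value.strip() + WS_GUID).encode("ascii")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


def accept_matches(sent_key: str, received_accept: str) -> bool:
    """Client side: check the server's answer against the key that was sent."""
    expected = compute_accept(sent_key).encode("ascii")
    return hmac.compare_digest(expected, received_accept.strip().encode("utf-8"))


if __name__ == "__main__":
    key = "dGhlIHNhbXBsZSBub25jZQ=="  # key from the handshake request above
    print("Sec-WebSocket-Accept:", compute_accept(key))
    # Constructed malformed keys a server should reject with an HTTP error
    for bad in ("c2hvcnQ=", "not base64!!", ""):
        try:
            compute_accept(bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
```

Authentication and origin checks for a WebSocket endpoint have to come from elsewhere in the handshake, such as the Origin header, cookies or tokens, because this value can be produced by any client.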

How to Modify Header using Requestly

Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Sec-WebSocket-Key header. This is especially useful for testing WebSocket connection behaviors or debugging issues related to WebSocket handshakes during development.

Steps to Modify the Sec-WebSocket-Key Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter Sec-WebSocket-Key.
    • In the “Header Value” field, enter your desired base64-encoded key value.
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., wss://your-websocket-server.com/*).
  5. Save the rule.

After saving, Requestly will modify the Sec-WebSocket-Key header on all matching WebSocket handshake requests, allowing you to test how the server handles different keys or to debug WebSocket connection issues.