Sec Speculation Tags
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Sec-Speculation-Tags request header contains one or more tag values from the speculation rules that resulted in the speculation. This allows a server to identify which rule(s) caused a speculation and potentially block them.
For example, a CDN may automatically insert speculation rules, but block speculations for resources not cached in the CDN to avoid unintended consequences. The Sec-Speculation-Tags header allows the CDN to differentiate between the rules it has inserted (which should be blocked in this case) and speculation rules added by the site owner (which should not be blocked).
It is a request header and, because its name starts with the Sec- prefix, a forbidden request header that is subject to restrictions in certain contexts.
Syntax
Sec-Speculation-Tags: <tag-list>
Directives
<tag-list>
A comma-separated list of tags indicating Speculation Rules API rules that may have initiated this request. See Speculation rules JSON representation for the syntax reference.
Examples
Some examples demonstrating the behavior of speculation rules are provided below.
When a speculation occurs due to a speculation rule with no explicit tag, the server receives a header with a null value for Sec-Speculation-Tags.
Example of speculation with no tag:
<script type="speculationrules">
  {
    "prefetch": [
      {
        "urls": ["next.html", "next2.html"]
      }
    ]
  }
</script>
Sec-Speculation-Tags: null
If a speculation is triggered based on a rule with a specific tag, then that tag is reported in the header.
Example of speculation with a tag:
<script type="speculationrules">
  {
    "prefetch": [
      {
        "tag": "my-rule",
        "urls": ["next.html", "next2.html"]
      }
    ]
  }
</script>
Sec-Speculation-Tags: "my-rule"
When multiple tags are present at different levels of a speculation rule, all corresponding tags are included in the header.
Example with multiple tags:
<script type="speculationrules">
  {
    "tag": "my-ruleset",
    "prefetch": [
      {
        "tag": "my-rule",
        "urls": ["next.html", "next2.html"]
      }
    ]
  }
</script>
Sec-Speculation-Tags: "my-ruleset", "my-rule"
Speculation can be triggered by multiple rules. For example:
<script type="speculationrules">
  {
    "prefetch": [
      {
        "tag": "my-rule",
        "urls": ["next.html", "next2.html"],
        "eagerness": "moderate"
      }
    ]
  }
</script>
<script type="speculationrules">
  {
    "prefetch": [
      {
        "tag": "cdn-rule",
        "urls": ["next.html", "next.html"],
        "eagerness": "conservative"
      }
    ]
  }
</script>
Sec-Speculation-Tags: "my-rule", "cdn-rule"
Multiple rules with and without tags can be combined, with rules without tags represented as nulls in the header. For example:
<script type="speculationrules">
  {
    "prefetch": [
      {
        "urls": ["next.html", "next2.html"],
        "eagerness": "moderate"
      }
    ]
  }
</script>
<script type="speculationrules">
  {
    "prefetch": [
      {
        "tag": "cdn-rule",
        "urls": ["next.html", "next.html"],
        "eagerness": "conservative"
      }
    ]
  }
</script>
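The CDN decision described earlier, as an added example in JavaScript (not code from the original page or from any CDN): it parses the header forms shown in the examples above and blocks an uncached speculation only when every tag belongs to the CDN. The `cdn-rule` tag set, the function names and the handling of mixed or malformed values are assumptions.

```javascript
// Added example: simplified parser for the list form shown on this page
// (quoted strings or the bare token null); not a full Structured Fields parser.
function parseSpeculationTags(value) {
  const tags = [];
  let i = 0;
  const skipSpaces = () => { while (value[i] === " " || value[i] === "\t") i++; };
  for (;;) {
    skipSpaces();
    if (value[i] === '"') {
      let tag = "";
      for (i++; value[i] !== '"'; i++) {
        if (value[i] === "\\") i++;            // backslash escapes the next character
        if (i >= value.length) throw new SyntaxError("unterminated string");
        tag += value[i];
      }
      i++;                                      // consume the closing quote
      tags.push(tag);
    } else if (value.startsWith("null", i)) {
      i += 4;
      tags.push(null);                          // a rule that carried no tag
    } else {
      throw new SyntaxError(`unexpected input at offset ${i}`);
    }
    skipSpaces();
    if (i >= value.length) return tags;
    if (value[i++] !== ",") throw new SyntaxError(`expected "," at offset ${i - 1}`);
  }
}

// Assumption: "cdn-rule" (the tag used in the page's examples) marks rules the CDN injected.
const CDN_TAGS = new Set(["cdn-rule"]);

// Returns true when the CDN should refuse the speculative request.
function shouldBlockSpeculation(headerValue, isCached) {
  // Cached resources are always served; no header means no tagged speculation.
  if (isCached || typeof headerValue !== "string") return false;
  let tags;
  try {
    tags = parseSpeculationTags(headerValue);
  } catch {
    return false; // malformed, client-supplied value: handle as an ordinary request
  }
  // Block only when every rule behind the request is the CDN's own. A null entry or a
  // site-owner tag means a rule the CDN did not insert also asked for this URL.
  return tags.every((t) => t !== null && CDN_TAGS.has(t));
}
```

Because the header value arrives from the client, and tools such as Requestly can set it to arbitrary values, the result is suited to load decisions like this one and not to authorization.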
How to Modify Header using Requestly
- Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
- Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
- Add a new header modification:
  - Under “Action”, select “Add” or “Override”.
  - In the “Header Name” field, enter Sec-Speculation-Tags.
  - In the “Header Value” field, enter your preferred value (e.g., 1 or any specific tag you want to test).
- Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-api.com/*).
- Save the rule.
Once configured, Requestly will insert the Sec-Speculation-Tags header into all matching requests, enabling you to test how your application or server responds to different speculation tags. Modifying the Sec-Speculation-Tags header can help developers simulate and debug server-side handling of speculation rules, such as the blocking behavior described above, ensuring their applications handle these tags correctly for improved protection and performance.