
Using Requestly for HTTP authorization

Dinesh Thakur
Learn how to test authentication headers using Requestly. Understand common HTTP auth headers, modify them to switch user roles and run security tests, and streamline your QA workflow.

Authentication is how websites and apps make sure you are who you say you are. It’s what allows users to log in, access their personal data, and use protected features such as paid services.

In most web apps, authorization happens through HTTP requests. These requests include headers, small pieces of information sent along with each request. One important job of headers is to carry authentication credentials, like tokens or API keys, so the server knows which user is making the request.

As a developer or tester, you might need to simulate different authentication scenarios:

  • Pretend to be a logged-in or logged-out user
  • Switch between different user roles (like admin vs regular user)
  • Test how your app handles expired or invalid tokens

Instead of changing backend code or modifying frontend logic, you can use tools like Requestly to modify these headers on the fly—directly in your browser. But before we dive into how, let’s take a closer look at how headers are used in authentication.

Authentication and Headers

Every time your app sends a request to a server, it can include authentication headers that prove who the user is. These headers vary depending on the authentication method you’re using. Here are some common types of authentication headers you might encounter:

Common Authentication Headers

| Auth Method | Header Name | Example Value | What It Does |
|---|---|---|---|
| Basic Auth | Authorization | Basic dXNlcm5hbWU6cGFzc3dvcmQ= | Sends base64-encoded username and password |
| Bearer Token | Authorization | Bearer eyJhbGciOiJIUzI1NiIsInR5cCI... | Sends a JWT or token for identifying the user |
| API Key | x-api-key | 12345-abcde-67890 | Passes a key that gives access to the API |
| OAuth 2.0 | Authorization | Bearer <access_token> | Sends a token obtained through OAuth login |
| Custom Token | x-auth-token | abcdef123456 | A custom token header used in many web apps |
| Session Cookies | Cookie | session_id=abc123; logged_in=true | Browser sends stored cookies to the server with each request |
| Set-Cookie (server) | Set-Cookie | session_id=abc123; HttpOnly; Secure | Server uses this header to set a cookie in the browser for future requests |

These headers are usually added automatically once a user logs in, but during development or testing, it’s often useful to manually add or modify them. That’s exactly what you can do with Requestly—making it easy to test authentication behaviour without writing extra code.

Testing Authentication with Requestly

Requestly is a powerful tool that helps developers, testers, and QA engineers intercept and modify network requests right in the browser. It’s available as a browser extension and a desktop app, and it offers a wide range of features like modifying headers, redirecting URLs, blocking requests, mocking API responses, and more.

One of the most useful features for testing authentication is its ability to modify HTTP headers on both requests and responses.

How To Modify Auth Headers in Requestly

Requestly lets you create rules that automatically apply to network requests your browser makes. For authentication testing, this means you can:

  • Add an authentication header (like Authorization or x-api-key)
  • Modify an existing header (e.g., swap out a token for another user)
  • Remove a header (to simulate missing credentials)

These changes happen in real time—no need to update code, rebuild your app, or reconfigure your backend.

Example Use Case: Simulate a Logged-In User

Let’s say your app uses a Bearer token for authentication. You can:

  1. Download and install Requestly.
  2. In the dashboard, navigate to Rules.
  3. Go to Create New Rule > Modify Headers.
  4. Enter the URL of your backend / auth server.
  5. Choose Request Headers, then add or override the request header:
    • Header Name: Authorization
    • Header Value: Bearer your-jwt-token-here
  6. Apply the rule and refresh your app.

Now your app will behave as if a logged-in user is making requests—with no need to go through the login flow every time.
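Because a rule can put any value in the Authorization header, the server has to verify every request itself. The following is an added example, not Requestly code or code from any real backend: a minimal server-side check showing the status each header scenario above should produce. It assumes HS256-signed JWTs with `role` and `exp` claims; the secret, claim values and the function names `signJwt`, `authorize` and `runScenarios` are hypothetical.

```javascript
// Added example: hypothetical server-side check, not Requestly's or any app's code.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // constructed value, assumption
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Builds an HS256 token so the demo has constructed sample input.
function signJwt(claims) {
  const signed = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}`;
  return `${signed}.${hmac(signed)}`;
}

// Status the server should return: 401 = no usable credential,
// 403 = authenticated but wrong role, 200 = allowed. Header names are lowercase as in Node.
function authorize(headers, requiredRole, nowSec) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.authorization || '');
  if (!m) return 401; // header removed or malformed
  const expected = Buffer.from(hmac(`${m[1]}.${m[2]}`));
  const given = Buffer.from(m[3]);
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!ok) return 401; // token edited after signing
  let claims;
  try {
    if (decode(m[1]).alg !== 'HS256') return 401; // accept only the expected algorithm
    claims = decode(m[2]);
  } catch {
    return 401; // header or payload is not valid JSON
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 401; // expired
  return claims.role === requiredRole ? 200 : 403;
}

// One constructed header value per scenario a Modify Headers rule can create.
function runScenarios(now = 1700000000) {
  const token = (role, exp) => signJwt({ sub: 'test-user', role, exp });
  const [head, , sig] = token('user', now + 3600).split('.');
  const edited = `${head}.${b64url({ sub: 'test-user', role: 'admin', exp: now + 3600 })}.${sig}`;
  const check = (value) => authorize(value ? { authorization: `Bearer ${value}` } : {}, 'admin', now);
  return {
    headerRemoved: check(null),
    adminToken: check(token('admin', now + 3600)),
    userToken: check(token('user', now + 3600)),
    expiredToken: check(token('admin', now - 60)),
    editedPayload: check(edited),
  };
}
console.log(runScenarios());
```

If any of these scenarios returns 200 against your own backend when it should not, the access decision is being made in the client rather than on the server.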
