🎉 Requestly joins BrowserStack to build the future of application testing. Read more
Modify Headers

Modify HTTP Request & Response Headers

Bypass CORS

Remove X-Frame-Options

Manage Content-Security-Policy

Get started for free
Documentation ->
4.4 ⭐  1100+ Ratings, 200,000+  developers

Trusted by 200,000+ developers, from next-gen startups to Fortune 500 companies.

Modify HTTP Headers Without Code Changes

Add, remove, or override request and response headers right from your browser. Debug faster, test smarter, and unlock restricted content.

Remove X-Frame-Options

Disable the X-Frame-Options header to allow iframe embedding during local development and testing.
Download Now ->
Bypass CORS​​ - Modify HTTP Headers

Bypass CORS & Security Restrictions

Override CORS response headers with proper values to fix the CORS Issues in your local development & testing.

Authenticate API Requests​

Automatically add or modify the Authorization header to pass JWTs or API keys for secure access.​
Download Now ->

Insert Custom Headers

Attach custom headers like x-userId, x-feature-flag, or any test data to simulate user-specific behavior.
Authorization - Modify HTTP Headers

Collaboration & 1-Click Sharing

Promote consistency and accelerate development by sharing Requestly rules within your team.

Popular Use Cases

Modify/ Bypass CORS

Bypass CORS errors during development by modifying response headers locally, without changing anything on the server.

Set Authorization Header

Inject auth tokens into request headers to test APIs without logging in or changing your code.

Modify Cookie Header

Add, modify, or remove Cookie headers in requests to fake sessions, test edge cases, or debug issues, no need to touch your browser storage.

Built for teams

Effortless team collaboration

Share instantly, sync effortlessly, and collaborate effectively with your team in dedicated workspaces.

Quick One time sharing

Instantly generate and share a link to your rules and more

Team workspaces

Collaborate easily with teammates in a shared workspace.

Export data & sync to Git

Easily version-control your configs by exporting and syncing

Secure and private

Enterprise-ready security and compliance

Requestly ensures top-tier security with SOC-II compliance, SSO integration, and role-based access control. We protect your data and secure your workflows, making us the ideal choice for enterprises.
Requestly security and compliance

SOC-II Compliance

Adheres to rigorous security standards for data protection and privacy.

Single Sign-On (SSO)

Simplifies user access with secure, centralized authentication.

Role-based access control

Ensures precise control over user permissions and data access.

Data encryption

Protects your data in transit and at rest with advanced encryption protocols.

Audit logs

Protects your data in transit and at rest with advanced encryption protocols.

Regular security updates

Keeps your environment secure with timely updates and patches.
Customers love us

Loved by developers around the World

Developers around the world trust us to simplify debugging, speed up workflows, and make development more efficient.

Frequently Asked Questions​

There are frequently asked questions related to Requestly

Can I modify response headers for a URL that already has another rule applied?

Yes, you can. Requestly processes rules in a defined order, and the Modify HTTP Response Headers rule can still be applied even if the same URL is affected by other rules such as Redirect, Modify Request, or Modify API Response. This allows you to layer rules and test complex scenarios easily.

Can I modify CORS and CSP headers?

Yes, you can add, remove or modify CORS-related headers such as Access-Control-Allow-Origin, Content-Security-Policy, etc., to test cross-origin behavior in development.

Is Requestly open-source

Is Requestly free to use ?

Yes. Requestly offers a Free plan with essential features like unlimited header rules and standard HTTP modifications, perfect for getting started.

Does Requestly offer an enterprise plan?

Yes. Requestly offers an Enterprise Plan built for larger teams and organizations that need full control and compliance. It includes unlimited usage, API access, SSO & SAML, GDPR and SOC 2 compliance, user access management, SLAs for support and uptime, invoice-based billing, and priority support via Slack Connect, Email, and Chat.

Is Requestly free for students?

Yes! Requestly is free for students, enjoy access to powerful tools and features with no cost.

Why are my response header modifications not visible in the browser’s dev tools?

Response header modifications done by Requestly are not always visible in the browser’s dev tools, but rest assured, they are being applied correctly. You can verify it by inspecting the network traffic through Requestly itself.

Why Aren’t My Requestly Rules Working?

How do I modify headers using Requestly?

Can I apply header modifications to specific HTTP methods (GET, POST, etc.)?

Yes, you can apply header modifications to specific HTTP methods by specifying the method condition within the rule settings. This ensures that headers are modified only for requests of certain types. For a detailed guide,.

Can I import my ModHeader settings directly into Requestly?

Yes, Requestly supports one-click migration to seamlessly import your ModHeader settings, making the transition quick and easy.