Product
HTTP Interceptor

A Power HTTP Interceptor to Intercept, Record, Debug & Modify HTTP Requests

API Client

A lightweight and secure API Client for faster API Development & Testing

API Mocking

Build frontend faster without waiting for backend.

Solutions
Frontend Web/Mobile Developers

Requestly improves front-end workflows with local JS testing, mocking, and SessionBook debugging.

For QA engineers

QA engineers love Requestly for its features and ease of use, allowing easy edge case testing.

Support Engineer

Support engineers value Requestly for debugging, demoing, and overriding GTM and Adobe scripts.

Backend Developers

Requestly helps in improving back-end development workflows, by enabling testing.

Pricing
Resources
Pricing
Blog
Case Studies
Status
Github
Release Note
Student Programme
🎉 Requestly joins BrowserStack to build the future of application testing. Read more

HTTP Headers

Sec Purpose

HTTP Header

The HTTP Sec-Purpose fetch metadata request header indicates the purpose for which the requested resource will be used, when that purpose is different from immediate use by the user-agent.

The only currently defined purpose is prefetch, which signifies that the resource is requested in anticipation of being needed by a page likely to be navigated to soon, such as a link in search results or one that a user has hovered over.
The server can utilize this information to modify caching durations, disallow the request, or treat it differently when tallying page visits.

This header is sent when a page loads that contains a <link> element with the attribute rel="prefetch".

Header typeFetch Metadata Request Header
Forbidden request headerYes (Sec- prefix)
CORS-safelisted request headerNo

Syntax

Syntax

http
Sec-Purpose: prefetch

Directives

The allowed tokens are:

The purpose of the prefetch directive is to prefetch a resource that might be needed in a potential future navigation.

Example

Examples

Consider the case where a browser loads a file with a <link> element that has the attribute rel=”prefetch” and an href attribute containing the address of an image file.
The resulting fetch() should result in an HTTP request where Sec-Purpose: prefetch, Sec-Fetch-Dest: empty, and an Accept value that is the same as the browser uses for page navigation.

An example of such a header (on Firefox) is given below:

http
GET /images/some_image.png HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Purpose: prefetch
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Note:
At the time of writing Firefox incorrectly sets the Accept header as Accept: */* for prefetches.
The example has been modified to show what the Accept value should be.
This issue can be tracked in Firefox bug 1836334.

How to Modify Header using Requestly

Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Sec-Purpose header. This can help you test how your server or application reacts to different security or fetch purposes in development and debugging. Steps to Modify the Sec-Purpose Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter Sec-Purpose.
    • In the “Header Value” field, enter your desired purpose value (e.g., prefetch).
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://example.com/*).
  5. Save the rule.

Once set up, Requestly will inject the Sec-Purpose header with your specified value into all matching requests, helping you simulate different fetch intents and test how your application manages these scenarios. Modifying the Sec-Purpose header is useful when you want to understand how your server or client handles different resource fetching purposes like prefetching or prerendering. This can improve performance and security by ensuring your app responds properly to these directives.