🎉 Requestly joins BrowserStack to build the future of application testing. Read more

HTTP Headers

Sec WebSocket Extensions

HTTP Header

The HTTP Sec-WebSocket-Extensions request and response header are used during the WebSocket opening handshake to negotiate protocol extensions supported by the client and server.

In a request, the header specifies one or more extensions that the web application wishes to use, arranged in order of preference.
These extensions can be added as multiple headers, or as comma-separated values within a single header.

In a response, the header appears only once, indicating the extension selected by the server from the client’s preferences.
This chosen extension must be the first supported extension from the list provided in the request header.

The request header is automatically added by the browser based on its capabilities and does not depend on parameters passed when creating the WebSocket.

Type of headers involved:

Request header and Response header

Forbidden request header: Yes (Sec- prefix)

Syntax

Request

http
Sec-WebSocket-Extensions: <extensions>

Response

http
Sec-WebSocket-Extensions: <selected-extension>

Directives

A comma-separated list of extensions to request (or for the server to agree to support). These should be selected from the IANA WebSocket Extension Name Registry. Extensions which take parameters delineate them with semicolons.

Example

WebSocket opening handshake

The following illustrates the initial request made by a client to initiate a WebSocket connection, supporting the extensions permessage-deflate and client_max_window_bits.

http
GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

The following request, sending separate headers for each extension, is functionally equivalent:

http
GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Extensions: client_max_window_bits

Upon acceptance of the connection, the server might respond with the following message to confirm support for the permessage-deflate extension:

http
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Extensions: permessage-deflate

How to Modify Header using Requestly

Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Sec-WebSocket-Extensions header. This is especially useful for testing how your WebSocket connections handle different extensions or for debugging extension-related issues during development. Steps to Modify the Sec-WebSocket-Extensions Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter Sec-WebSocket-Extensions.
    • In the “Header Value” field, enter your desired extension value (e.g., permessage-deflate).
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., wss://your-websocket-server.com/*).
  5. Save the rule.

Once configured, Requestly will inject the specified Sec-WebSocket-Extensions header into all matching WebSocket handshake requests, allowing you to test how your server or client behaves with different WebSocket extensions enabled.