HTTP Headers
Sec WebSocket Extensions
The HTTP Sec-WebSocket-Extensions request and response header are used during the WebSocket opening handshake to negotiate protocol extensions supported by the client and server.
In a request, the header specifies one or more extensions that the web application wishes to use, arranged in order of preference.
These extensions can be added as multiple headers, or as comma-separated values within a single header.
In a response, the header appears only once, indicating the extension selected by the server from the client’s preferences.
This chosen extension must be the first supported extension from the list provided in the request header.
The request header is automatically added by the browser based on its capabilities and does not depend on parameters passed when creating the WebSocket
.
Type of headers involved:
Request header and Response header
Forbidden request header: Yes (Sec-
prefix)
Syntax
Request
Sec-WebSocket-Extensions: <extensions>
Response
Sec-WebSocket-Extensions: <selected-extension>
Directives
A comma-separated list of extensions to request (or for the server to agree to support). These should be selected from the IANA WebSocket Extension Name Registry. Extensions which take parameters delineate them with semicolons.
Example
WebSocket opening handshake
The following illustrates the initial request made by a client to initiate a WebSocket connection, supporting the extensions permessage-deflate and client_max_window_bits.
GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
The following request, sending separate headers for each extension, is functionally equivalent:
GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Extensions: client_max_window_bits
Upon acceptance of the connection, the server might respond with the following message to confirm support for the permessage-deflate extension:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Extensions: permessage-deflate
How to Modify Header using Requestly
- Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
- Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
- Add a new header modification:
- Under “Action”, select “Add” or “Override”.
- In the “Header Name” field, enter Sec-WebSocket-Extensions.
- In the “Header Value” field, enter your desired extension value (e.g., permessage-deflate).
- Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., wss://your-websocket-server.com/*).
- Save the rule.
Once configured, Requestly will inject the specified Sec-WebSocket-Extensions header into all matching WebSocket handshake requests, allowing you to test how your server or client behaves with different WebSocket extensions enabled.
Table of Contents
- No headings found.