HTTP Headers
Set Login
The HTTP Set-Login response header is sent by a federated identity provider (IdP) to set its login status, indicating whether a user is currently logged into the IdP within the browser. The browser stores this information, and the FedCM API uses it to reduce the number of requests to the IdP by avoiding account requests when no users are logged in. Additionally, this mechanism helps prevent potential timing attacks.
The header can be set on any response resulting from a top-level navigation or a same-origin subresource request on the IdP’s website. Any interaction with the IdP site may trigger this header being set, allowing the browser to store the login status.
For more details about managing login status, see Update login status using the Login Status API. The header type is a response header, and it is not a forbidden request header.
Syntax
Set-Login: <status>
Directives
<status>
- A string indicating the login status to set for the IdP. Possible values include:
  - logged-in: The IdP currently has at least one user account signed in.
  - logged-out: All user accounts at the IdP are signed out.
Note: Browsers will ignore this header if it contains any other value.
Example
Set-Login: logged-in
Set-Login: logged-out
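The following added example (not code from the original page or from any browser) models the rules stated above: only `logged-in` and `logged-out` are stored, and only from a top-level navigation or a same-origin subresource response. The response object shape, the `idp.example` and `rp.example` origins, and the `unknown` label for "nothing stored yet" are assumptions made for illustration.

```javascript
// Added example: simplified model of the page's rules, not browser source code.
const VALID_STATUS = new Set(["logged-in", "logged-out"]);

// Returns the status to store, or null when the header must be ignored.
function parseSetLogin(value) {
  if (typeof value !== "string") return null;
  const v = value.trim();
  return VALID_STATUS.has(v) ? v : null; // any other value is ignored
}

// HTTP header names are case-insensitive.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

class LoginStatusStore {
  constructor() { this.byOrigin = new Map(); }
  // resp fields (hypothetical shape): url, headers, topLevelNavigation, initiatorOrigin
  observe(resp) {
    const origin = new URL(resp.url).origin;
    const eligible = resp.topLevelNavigation || resp.initiatorOrigin === origin;
    const status = parseSetLogin(getHeader(resp.headers, "set-login"));
    if (!eligible || status === null) return false; // stored state unchanged
    this.byOrigin.set(origin, status);
    return true;
  }
  status(origin) {
    return this.byOrigin.get(origin) ?? "unknown"; // model's label: nothing stored yet
  }
  // Account requests are skipped only when the IdP reported logged-out.
  shouldRequestAccounts(origin) {
    return this.status(origin) !== "logged-out";
  }
}

// Constructed sample responses; idp.example and rp.example are placeholders.
const IDP = "https://idp.example";
const SAMPLE = [
  { url: IDP + "/login", headers: { "Set-Login": "logged-in" }, topLevelNavigation: true, initiatorOrigin: null },
  { url: IDP + "/api/ping", headers: { "set-login": "session-token-123" }, topLevelNavigation: false, initiatorOrigin: IDP },
  { url: IDP + "/pixel.gif", headers: { "Set-Login": "logged-out" }, topLevelNavigation: false, initiatorOrigin: "https://rp.example" },
  { url: IDP + "/logout", headers: { "Set-Login": "logged-out" }, topLevelNavigation: false, initiatorOrigin: IDP },
];
function replay(responses) {
  const store = new LoginStatusStore();
  return responses.map((r) => ({ stored: store.observe(r), status: store.status(IDP) }));
}
console.log(replay(SAMPLE));
```

The second and third sample responses leave the stored status untouched: one carries a value other than the two allowed strings, the other arrives on a cross-origin subresource request.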
How to Modify Header using Requestly
Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Set-Login header. This is especially useful for testing how your application handles login sessions and authentication during development or debugging.
Steps to Modify the Set-Login Header:
- Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
- Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
- Add a new header modification:
- Under “Action”, select “Add” or “Override”.
- In the “Header Name” field, enter Set-Login.
- In the “Header Value” field, enter the desired login status: logged-in or logged-out (browsers ignore any other value).
- Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-login-api.com/*).
- Save the rule.
Once set up, Requestly will inject the Set-Login header into the responses to all matching requests, allowing you to simulate different login states and test authentication flows on your server. Modifying the Set-Login header can help you test how your application manages user sessions without actually logging in each time. It’s a quick way to check authorization and access control during development.