Allow developers to inject custom headers into all outgoing requests (both real traffic and mocked responses) without modifying per-API configurations. This empowers developers to:
Authorization: Bearer <token>)User-Agent, X-API-Key, X-Tenant-ID across all APIsX-Feature-Flag: new-checkout)As a frontend developer, I want to add a global Authorization header so I can test with different user tokens without editing each API individually.
As a QA engineer, I want to override the X-Tenant-ID header globally to test multi-tenant scenarios without changing application code.
As a backend developer, I want to inject custom headers to simulate feature flags or A/B test cohorts.
As a security tester, I want to remove certain headers (like cookies or tracking IDs) globally to test auth fallback mechanisms.
Add a new requestHeaders array to settings:
settings = {
corsOverride: false,
scope: 'domain',
theme: 'dark',
autoOpenOnRefresh: true,
blocklist: [],
rewriteRules: [],
transformRules: [],
requestHeaders: [ // NEW
{
key: 'Authorization',
value: 'Bearer abc123...',
mode: 'add', // 'add' | 'override' | 'remove'
enabled: true,
urlPattern: '', // blank = apply to all URLs, or substring match
}
]
}
add โ Add header if it doesnโt exist (leave existing values untouched)override โ Set header value (replace if exists, add if doesnโt)remove โ Delete the header from the requestReal Requests (fetch/XHR):
injected.js before calling origFetch() or origSend()Headers object or XHRโs setRequestHeader()Mocked Responses (when mocking is on):
Recording:
Add a new section: โGlobal Request Headersโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Global Request Headers โ
โ Inject, override, or remove headers on ALL requests โ
โ โ
โ โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโฌโโโโโ โ
โ โ Header Name โ Value โ Mode โ URL โ โ โ โ
โ โโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโผโโโโโค โ
โ โ Authorizationโ Bearer abc123โ override โ โ โ โ โ
โ โ X-Tenant-ID โ tenant-42 โ add โ /apiโ โ โ โ
โ โ X-Debug โ โ remove โ โ โ โ โ
โ โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโดโโโโโ โ
โ โ
โ [+ Add Request Header] โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Columns:
Authorization)remove mode)add, override, remove)state.requestHeaders to the injected script stateapplyRequestHeaders(headers, url) function
applyResponseTransforms()// Before: res = await origFetch(input, init);
// After:
const modifiedHeaders = applyRequestHeaders(reqHeaders, url);
const modifiedInit = { ...init, headers: modifiedHeaders };
res = await origFetch(input, modifiedInit);
XHR.prototype.send to inject headers before calling origSend()background.js:
let settings = {
// ... existing
requestHeaders: []
};
pushTabMeta():
safeSend(tabId, {
type: 'echokit:tabState',
payload: {
...st,
requestHeaders: settings.requestHeaders || []
}
});
renderSettings()rh-key, rh-value, rh-mode, rh-url, rh-toggle, rh-remove, rh-addremove mode doesnโt need a valuetests/smoke_echokit.py:
--request-headers flag to echokit-serverX-Feature-Flag to test unreleased features// Add global header
{ key: 'Authorization', value: 'Bearer user-123-token', mode: 'override', enabled: true }
// All requests now include this header
// Switch to different user by changing value to 'Bearer user-456-token'
// Switch between tenants instantly
{ key: 'X-Tenant-ID', value: 'tenant-A', mode: 'override', urlPattern: '/api', enabled: true }
// Disable rule, enable a different one for tenant-B
{ key: 'X-Tenant-ID', value: 'tenant-B', mode: 'override', urlPattern: '/api', enabled: false }
// Remove analytics headers for cleaner testing
{ key: 'X-Client-ID', mode: 'remove', enabled: true }
{ key: 'X-Session-ID', mode: 'remove', enabled: true }
.env: Auto-populate headers from environment files