What: A new settings panel that allows developers to inject, override, or remove HTTP headers on ALL outgoing requests without modifying code.
Why: Developers frequently need to test with different auth tokens, tenant IDs, feature flags, or API keys. Currently, they must either:
How: A simple UI in Settings where users can add header rules that are automatically applied to all fetch/XHR requests in the browser.
Before: Change environment variable β Rebuild β Redeploy β Test
After: Add header in EchoKit UI β Refresh page β Test
Time Saved: 5-30 minutes per test iteration
Toggle between different auth tokens/tenants with ONE CLICK
Perfect for multi-tenant testing, role-based access testing, etc.
Export header configuration β Share JSON with team β Import β Everyone has same setup
No more "it works on my machine" issues related to headers
Apply headers only to specific APIs:
- /api/v1/* β Add X-API-Version: 1.0
- /admin/* β Add Authorization: Bearer admin-token
- /graphql β Add X-GraphQL-Context: {...}
User adds header in Settings UI
β
Background service worker stores in chrome.storage
β
Injected script receives updated state
β
fetch/XHR hooks apply headers before network request
β
Headers are included in recorded interactions
Key Components:
extension/shared/app.js) - User configurationextension/background.js) - State managementextension/injected.js) - Header applicationchrome.storage.local) - PersistenceScenario: SaaS app with tenant isolation
Problem: Need to test tenant A, B, C without switching accounts
Solution:
{ "key": "X-Tenant-ID", "value": "tenant-a", "mode": "override", "enabled": true }
{ "key": "X-Tenant-ID", "value": "tenant-b", "mode": "override", "enabled": false }
{ "key": "X-Tenant-ID", "value": "tenant-c", "mode": "override", "enabled": false }
Toggle between tenants instantly.
Scenario: Test with different user roles/permissions
Problem: Login/logout cycles are slow and break flow
Solution:
{ "key": "Authorization", "value": "Bearer user-token", "mode": "override" }
Swap tokens without re-authenticating.
Scenario: Test unreleased features
Problem: Feature flags controlled by backend, need code deploy to test
Solution:
{ "key": "X-Feature-Flags", "value": "new-checkout,beta-ui", "mode": "add" }
Enable flags client-side for testing.
Scenario: Clean testing without analytics noise
Problem: Tracking headers pollute logs and metrics during dev
Solution:
{ "key": "X-Client-ID", "mode": "remove" }
{ "key": "X-Session-ID", "mode": "remove" }
Strip headers before requests are sent.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Global Request Headers β
β Inject, override, or remove headers on all outgoing requests β
β β
β βββββββββββββββββ¬βββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββ¬ββββ β
β β Header Name β Value β Mode β URL β β β Γ β β
β βββββββββββββββββΌβββββββββββββββΌβββββββββββΌβββββββββΌββββΌββββ€ β
β β Authorization β Bearer abc.. β override β /api β β β Γ β β
β β X-Tenant-ID β tenant-42 β add β β β β Γ β β
β β X-Debug β β remove β β β Γ β β
β βββββββββββββββββ΄βββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββ΄ββββ β
β β
β [+ Add Request Header] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Columns:
Authorization)remove mode)add, override, remove)addBehavior: Add header if it doesnβt exist (skip if already present)
Use Case: Default headers that app might already send
Original: { "Content-Type": "application/json" }
Rule: { "key": "X-Custom", "value": "test", "mode": "add" }
Result: { "Content-Type": "application/json", "X-Custom": "test" }
overrideBehavior: Set header value (replace if exists, add if doesnβt)
Use Case: Force specific header value
Original: { "Authorization": "Bearer old-token" }
Rule: { "key": "Authorization", "value": "Bearer new-token", "mode": "override" }
Result: { "Authorization": "Bearer new-token" }
removeBehavior: Delete header from request
Use Case: Strip tracking/analytics headers
Original: { "Authorization": "Bearer token", "X-Track": "123" }
Rule: { "key": "X-Track", "mode": "remove" }
Result: { "Authorization": "Bearer token" }
| Aspect | Global Request Headers | Per-API Override Headers |
|---|---|---|
| Scope | All matching requests | Single API interaction |
| Setup | One-time in Settings | Manual per API |
| URL Filtering | β Yes | β No |
| Persistence | Survives refresh | Tied to recording |
| Best For | Auth, tenant IDs, flags | Mock-specific responses |
Can both be used? Yes! Global headers apply first, then per-API overrides.
requestHeaders in settings)applyRequestHeaders() functionFEATURE_GLOBAL_REQUEST_HEADERS.md) - Full technical designIMPLEMENTATION_GUIDE_REQUEST_HEADERS.md) - Step-by-step code changesDEVELOPER_CONFIG_EXAMPLES.md) - 10+ real-world templatesPRODUCT_STRATEGY_ROLLOUT.md) - GTM strategy and timelineVision: Complete Request/Response manipulation suite for developers.
Questions? See the detailed docs in /memory/FEATURE_*.md