Fired when the HTTP response headers for a request are received. Use this event to modify HTTP response headers.
To have the response headers passed into the listener, along with the rest of the request data, pass "responseHeaders" in the extraInfoSpec array.
If you use "blocking", you must have the "webRequestBlocking" API permission in your manifest.json.
It is possible for extensions to make conflicting requests. If two extensions listen to onHeadersReceived for the same request and return responseHeaders to set the same header (for example, Set-Cookie) not present in the original response, only one of the changes will succeed.
However, the Content-Security-Policy header is treated differently; its values are combined to apply all the specified policies. But, if two extensions set a CSP value that conflicts, the CSP service makes the restriction more strict to resolve the conflict. For example, if one extension sets img-src: example.com, and another extension sets img-src: example.org, the result is img-src: 'none'. Merged modifications always lean towards being more restrictive, though an extension may remove the original CSP header.
If you want to see the headers that are processed by the system, without the risk that another extension will alter them, use webRequest.onResponseStarted, although you can't modify headers on this event.
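The read-only observation point described above can be used to audit what the browser actually received. This is an added example, not code from the original page: the list of required headers and the function names are assumptions chosen for illustration.

```javascript
// Added example, not from the original page. REQUIRED and the function
// names are illustrative assumptions.
const REQUIRED = [
  "content-security-policy",
  "strict-transport-security",
  "x-content-type-options",
];

// Pure helper: returns the required header names that are absent from a
// webRequest.HttpHeaders array. Header names are compared case-insensitively.
function missingSecurityHeaders(responseHeaders) {
  const seen = new Set(
    (responseHeaders || []).map((h) => h.name.toLowerCase())
  );
  return REQUIRED.filter((name) => !seen.has(name));
}

// Listener: logs a warning for documents that lack a required header.
// It returns the list only so the logic can be exercised outside a browser.
function auditResponse(details) {
  const missing = missingSecurityHeaders(details.responseHeaders);
  if (missing.length > 0) {
    console.warn(
      `${details.url} (${details.statusCode}) lacks: ${missing.join(", ")}`
    );
  }
  return missing;
}

// Register only inside an extension, where the `browser` global exists.
// No "blocking" here: onResponseStarted cannot modify headers.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onResponseStarted.addListener(
    auditResponse,
    { urls: ["https://*/*"], types: ["main_frame"] },
    ["responseHeaders"]
  );
}
```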
Syntax
browser.webRequest.onHeadersReceived.addListener(
  listener,
  filter,
  extraInfoSpec
)
browser.webRequest.onHeadersReceived.removeListener(listener)
browser.webRequest.onHeadersReceived.hasListener(listener)
Events have three functions:
- addListener(listener, filter, extraInfoSpec)
  Adds a listener to this event.
- removeListener(listener)
  Stop listening to this event. The listener argument is the listener to remove.
- hasListener(listener)
  Check whether listener is registered for this event. Returns true if it is listening, false otherwise.
Parameters
- callback
  The function called when this event occurs. The function is passed the following arguments:
  - details
    object. Details of the request. This will include response headers if you have included "responseHeaders" in extraInfoSpec.
  Returns: webRequest.BlockingResponse. If "blocking" is specified in the extraInfoSpec parameter, the event listener will return a BlockingResponse object, and can set its responseHeaders property. In Firefox, the return value can be a Promise that resolves to a BlockingResponse.
- filter
  webRequest.RequestFilter. A set of filters that restricts the events that are sent to this listener.
- extraInfoSpec
  array of string. Extra options for the event. You can pass any of the following values:
  - "blocking" to make the request synchronous, so you can modify request and response headers
  - "responseHeaders" to include the response headers in the details object passed to the listener
details
- cookieStoreId
  string. If the request is from a tab open in a contextual identity, the cookie store ID of the contextual identity.
- documentUrl
  string. URL of the document in which the resource will be loaded. For example, if the web page at "https://example.com" contains an image or an iframe, then the documentUrl for the image or iframe will be "https://example.com". For a top-level document, documentUrl is undefined.
- frameAncestors
  array. Information for each document in the frame hierarchy up to the top-level document. The first element in the array contains information about the immediate parent of the document being requested, and the last element contains information about the top-level document. If the load is for the top-level document, then this array is empty.
  - url
    string. The URL that the document was loaded from.
  - frameId
    integer. The frameId of the document. details.frameAncestors[0].frameId is the same as details.parentFrameId.
- frameId
  integer. Zero if the request happens in the main frame; a positive value is the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
- fromCache
  boolean. Whether the response is fetched from disk cache.
- incognito
  boolean. Whether the request is from a private browsing window.
- ip
  string. The IP address of the server the request was sent to. It may be a literal IPv6 address.
- method
  string. Standard HTTP method: for example, "GET" or "POST".
- originUrl
  string. URL of the resource that triggered the request. For example, if "https://example.com" contains a link, and the user clicks the link, then the originUrl for the resulting request is "https://example.com".
  The originUrl is often but not always the same as the documentUrl. For example, if a page contains an iframe, and the iframe contains a link that loads a new document into the iframe, then the documentUrl for the resulting request is the iframe's parent document, but the originUrl is the URL of the document in the iframe that contained the link.
- parentFrameId
  integer. ID of the frame that contains the frame that sent the request. Set to -1 if no parent frame exists.
- proxyInfo
  object. This property is present only if the request is being proxied. It contains the following properties:
  - host
    string. The hostname of the proxy server.
  - port
    integer. The port number of the proxy server.
  - type
    string. The type of proxy server. One of:
    - "http": HTTP proxy (or SSL CONNECT for HTTPS)
    - "https": HTTP proxying over TLS connection to proxy
    - "socks": SOCKS v5 proxy
    - "socks4": SOCKS v4 proxy
    - "direct": no proxy
    - "unknown": unknown proxy
  - username
    string. Username for the proxy service.
  - proxyDNS
    boolean. True if the proxy will perform domain name resolution based on the hostname supplied, meaning that the client should not do its own DNS lookup.
  - failoverTimeout
    integer. Failover timeout in seconds. If the proxy connection fails, the proxy will not be used again for this period.
- requestId
  string. The ID of the request. Request IDs are unique within a browser session, so you can use them to relate different events associated with the same request.
- responseHeaders
  webRequest.HttpHeaders. The HTTP response headers that were received for this request.
- statusCode
  integer. Standard HTTP status code returned by the server.
- statusLine
  string. HTTP status line of the response or the 'HTTP/0.9 200 OK' string for HTTP/0.9 responses (that is, responses that lack a status line).
- tabId
  integer. ID of the tab in which the request takes place. Set to -1 if the request isn't related to a tab.
- thirdParty
  boolean. Indicates whether the request and its content window hierarchy are third party.
- timeStamp
  number. The time when this event fired, in milliseconds since the epoch.
- type
  webRequest.ResourceType. The type of resource being requested: for example, "image", "script", "stylesheet".
- url
  string. Target of the request.
- urlClassification
  object. The type of tracking associated with the request, if the request has been classified by Firefox Tracking Protection. This is an object with the following properties:
  - firstParty
    array of strings. Classification flags for the request's first party.
  - thirdParty
    array of strings. Classification flags for the request or its window hierarchy's third parties.
  The classification flags include:
  - fingerprinting and fingerprinting_content: indicates the request is involved in fingerprinting. fingerprinting_content indicates the request is loaded from an origin that has been found to fingerprint but is not considered to participate in tracking, such as a payment provider.
  - cryptomining and cryptomining_content: similar to the fingerprinting category but for cryptomining resources.
  - tracking, tracking_ad, tracking_analytics, tracking_social, and tracking_content: indicates the request is involved in tracking. tracking is any generic tracking request; the ad, analytics, social, and content suffixes identify the type of tracker.
  - any_basic_tracking: a meta flag that combines any tracking and fingerprinting flags, excluding tracking_content and fingerprinting_content.
  - any_strict_tracking: a meta flag that combines any tracking and fingerprinting flags, including tracking_content and fingerprinting_content.
  - any_social_tracking: a meta flag that combines any social tracking flags.
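One way to put details.thirdParty and details.urlClassification to work in a blocking listener: drop Set-Cookie headers from third-party responses that Firefox has classified as tracking. This is an added example, not code from the original page; the function names and the chosen set of flags are assumptions, and urlClassification is only populated by Firefox.

```javascript
// Added example, not from the original page. Names and the flag selection
// are illustrative assumptions. The *_content flags are deliberately left out.
const TRACKING_FLAGS = new Set([
  "any_basic_tracking",
  "tracking",
  "tracking_ad",
  "tracking_analytics",
  "tracking_social",
]);

// True when any third-party classification flag is in TRACKING_FLAGS.
// urlClassification may be absent, so default to an empty list.
function isClassifiedTracker(details) {
  const cls = details.urlClassification;
  const flags = (cls && cls.thirdParty) || [];
  return flags.some((flag) => TRACKING_FLAGS.has(flag));
}

// Returns a BlockingResponse without any Set-Cookie header (matched
// case-insensitively), or {} to leave the response untouched.
function stripTrackerCookies(details) {
  if (!details.thirdParty || !isClassifiedTracker(details)) {
    return {};
  }
  const kept = (details.responseHeaders || []).filter(
    (h) => h.name.toLowerCase() !== "set-cookie"
  );
  return { responseHeaders: kept };
}

// Register only inside an extension, where the `browser` global exists.
// "blocking" requires the "webRequestBlocking" permission in manifest.json.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onHeadersReceived.addListener(
    stripTrackerCookies,
    { urls: ["<all_urls>"] },
    ["blocking", "responseHeaders"]
  );
}
```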
Browser compatibility
| Platform | Browser | onHeadersReceived | Notes |
|---|---|---|---|
| Desktop | Chrome | Yes | Asynchronous event listeners are not supported. |
| Desktop | Edge | 14 | Asynchronous event listeners are not supported. |
| Desktop | Firefox | 45 | Modification of the 'Content-Type' header is supported from version 51. Asynchronous event listeners are supported from version 52. |
| Desktop | Internet Explorer | ? | |
| Desktop | Opera | Yes | Asynchronous event listeners are not supported. |
| Desktop | Safari | 14 | extraInfoSpec options are not supported. |
| Mobile | WebView Android | ? | |
| Mobile | Chrome Android | ? | |
| Mobile | Firefox for Android | 48 | Modification of the 'Content-Type' header is supported from version 51. Asynchronous event listeners are supported from version 52. |
| Mobile | Opera Android | ? | |
| Mobile | Safari on iOS | No | |
| Mobile | Samsung Internet | ? | |
Examples
This code sets an extra cookie when requesting a resource from the target URL:
const targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition";

// Append a Set-Cookie header and hand the modified list back to the browser.
function setCookie(e) {
  const setMyCookie = {
    name: "Set-Cookie",
    value: "my-cookie1=my-cookie-value1"
  };
  e.responseHeaders.push(setMyCookie);
  return { responseHeaders: e.responseHeaders };
}

// "blocking" lets the listener return modified headers;
// "responseHeaders" makes e.responseHeaders available.
browser.webRequest.onHeadersReceived.addListener(
  setCookie,
  { urls: [targetPage] },
  ["blocking", "responseHeaders"]
);
This code does the same thing as the previous example, except that the listener is asynchronous, returning a Promise which is resolved with the new headers:
const targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition";

// Return a Promise that resolves to the BlockingResponse after 2 seconds.
// The request stays suspended until the Promise settles.
function setCookieAsync(e) {
  const asyncSetCookie = new Promise((resolve) => {
    setTimeout(() => {
      const setMyCookie = {
        name: "Set-Cookie",
        value: "my-cookie1=my-cookie-value1"
      };
      e.responseHeaders.push(setMyCookie);
      resolve({ responseHeaders: e.responseHeaders });
    }, 2000);
  });
  return asyncSetCookie;
}

browser.webRequest.onHeadersReceived.addListener(
  setCookieAsync,
  { urls: [targetPage] },
  ["blocking", "responseHeaders"]
);