• Skip to main content
  • Select language
  • Skip to search
MDN Web Docs
  • Technologies
    • HTML
    • CSS
    • JavaScript
    • Graphics
    • HTTP
    • APIs / DOM
    • WebExtensions
    • MathML
  • References & Guides
    • Learn web development
    • Tutorials
    • References
    • Developer Guides
    • Accessibility
    • Game development
    • ...more docs
Add-ons
  1. MDN
  2. Mozilla
  3. Add-ons
  4. Browser extensions
  5. JavaScript APIs
  6. webRequest
  7. webRequest.onHeadersReceived

webRequest.onHeadersReceived

In This Article
  1. Syntax
  2. addListener syntax
    1. Parameters
  3. Additional objects
    1. details
  4. Browser compatibility
  5. Examples

Fired when the HTTP response headers associated with a request have been received. You can use this event to modify HTTP response headers.

To have the response headers passed into the listener along with the rest of the request data, pass "responseHeaders" in the extraInfoSpec array.

To modify the headers, pass "blocking" in extraInfoSpec. Then in your event listener, return an object with a property named responseHeaders, whose value is the set of response headers to use. The browser will behave as if the server had sent the modified headers.

From Firefox 52 onwards, instead of returning BlockingResponse, the listener can return a Promise which is resolved with a BlockingResponse. This enables the listener to process the request asynchronously.

If you use "blocking", you must have the "webRequestBlocking" API permission in your manifest.json.

Note that it is possible for extensions to conflict here. If two extensionss listen to onHeadersReceived for the same request, then the second listener will see modifications made by the first listener, and will be able to undo any changes made by the first listener. For example, if the first listener adds a Set-Cookie header, and the second listener strips all Set-Cookie headers, then the first listener's modifications will be lost. If you want to see the headers that are actually processed by the system, without the risk that another extension will subsequently alter them, use onResponseStarted, although you can't modify headers on this event.

Syntax

browser.webRequest.onHeadersReceived.addListener(
  listener,             // function
  filter,               //  object
  extraInfoSpec         //  optional array of strings
)
browser.webRequest.onHeadersReceived.removeListener(listener)
browser.webRequest.onHeadersReceived.hasListener(listener)

Events have three functions:

addListener(callback, filter, extraInfoSpec)
Adds a listener to this event.
removeListener(listener)
Stop listening to this event. The listener argument is the listener to remove.
hasListener(listener)
Check whether listener is registered for this event. Returns true if it is listening, false otherwise.

addListener syntax

Parameters

callback

Function that will be called when this event occurs. The function will be passed the following arguments:

details
object. Details of the request. This will include response headers if you have included "responseHeaders" in extraInfoSpec.

Returns: webRequest.BlockingResponse. If "blocking" is specified in the extraInfoSpec parameter, the event listener should return a BlockingResponse object, and can set its responseHeaders property.

filter
webRequest.RequestFilter. A set of filters that restricts the events that will be sent to this listener.
extraInfoSpecOptional
array of string. Extra options for the event. You can pass any of the following values:
  • "blocking" to make the request synchronous, so you can modify request headers
  • "responseHeaders" to include the response headers in the details object passed to the listener

Additional objects

details

requestId
string. The ID of the request. Request IDs are unique within a browser session, so you can use them to relate different events associated with the same request.
url
string. Target of the request.
method
string. Standard HTTP method: for example, "GET" or "POST".
frameId
integer. Zero if the request happens in the main frame; a positive value is the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
parentFrameId
integer. ID of the frame that contains the frame which sent the request. Set to -1 if no parent frame exists.
tabId
integer. ID of the tab in which the request takes place. Set to -1 if the request isn't related to a tab.
type
webRequest.ResourceType. The type of resource being requested: for example, "image", "script", "stylesheet".
timeStamp
number. The time when this event fired, in milliseconds since the epoch.
originUrl
string. URL of the resource that triggered this request. Note that this may not be the same as the URL of the page into which the requested resource will be loaded. For example, if a document triggers a load in a different window through the target attribute of a link, or a CSS document includes an image using the url() functional notation, then this will be the URL of the original document or of the CSS document, respectively.
statusLine
string. HTTP status line of the response or the 'HTTP/0.9 200 OK' string for HTTP/0.9 responses (that is, responses that lack a status line).
responseHeadersOptional
webRequest.HttpHeaders. The HTTP response headers that were received for this request.
statusCode
integer. Standard HTTP status code returned by the server.

Browser compatibility

The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.

ChromeEdgeFirefoxFirefox for AndroidOpera
Basic supportYes 1Yes 145 2 348 2 3Yes 1
originUrlNoNo4548No
1. Asynchronous event listeners are not supported.
2. Modification of the 'Content-Type' header is supported from version 51.
3. Asynchronous event listeners are supported from version 52.

Examples

This code sets an extra cookie when requesting a resource from the target URL:

var targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition";
// Add the new header to the original array,
// and return it.
function setCookie(e) {
  var setMyCookie = {
    name: "Set-Cookie",
    value: "my-cookie1=my-cookie-value1"
  };
  e.responseHeaders.push(setMyCookie);
  return {responseHeaders: e.responseHeaders};
}
// Listen for onHeaderReceived for the target page.
// Set "blocking" and "responseHeaders".
browser.webRequest.onHeadersReceived.addListener(
  setCookie,
  {urls: [targetPage]},
  ["blocking", "responseHeaders"]
);

This code does the same thing the previous example, except that the listener is asynchronous, returning a Promise which is resolved with the new headers:

var targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition";
// Return a Promise that sets a timer.
// When the timer fires, resolve the promise with
// modified set of response headers.
function setCookieAsync(e) {
  var asyncSetCookie = new Promise((resolve, reject) => {
    window.setTimeout(() => {
      var setMyCookie = {
        name: "Set-Cookie",
        value: "my-cookie1=my-cookie-value1"
      };
      e.responseHeaders.push(setMyCookie);
      resolve({responseHeaders: e.responseHeaders});
    }, 2000);
  });
  return asyncSetCookie;
}
// Listen for onHeaderReceived for the target page.
// Set "blocking" and "responseHeaders".
browser.webRequest.onHeadersReceived.addListener(
  setCookieAsync,
  {urls: [targetPage]},
  ["blocking", "responseHeaders"]
);

Acknowledgements

This API is based on Chromium's chrome.webRequest API. This documentation is derived from web_request.json in the Chromium code.

Microsoft Edge compatibility data is supplied by Microsoft Corporation and is included here under the Creative Commons Attribution 3.0 United States License.

// Copyright 2015 The Chromium Authors. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//    * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//    * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
//    * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Document Tags and Contributors

Tags: 
  • Add-ons
  • API
  • Event
  • Extensions
  • Non-standard
  • onHeadersReceived
  • Reference
  • WebExtensions
  • webRequest
 Contributors to this page: andrewtruongmoz, wbamberg, Makyen, johnadungan
 Last updated by: andrewtruongmoz, Jul 14, 2017, 11:16:23 AM
See also
  1. Browser extensions
  2. Getting started
    1. What are extensions?
    2. Your first extension
    3. Your second extension
    4. Anatomy of an extension
    5. Example extensions
  3. How to
    1. Intercept HTTP requests
    2. Modify a web page
    3. Add a button to the toolbar
    4. Implement a settings page
  4. User interface
    1. Introduction
    2. Toolbar button
    3. Address bar button
    4. Sidebar
    5. Context menu items
    6. Options page
    7. Bundled web pages
    8. Notifications
    9. Address bar suggestions
    10. Developer tools panels
  5. Concepts
    1. Using the JavaScript APIs
    2. Content scripts
    3. Match patterns
    4. Internationalization
    5. Content Security Policy
    6. Native messaging
  6. Porting
    1. Porting a Google Chrome extension
    2. Porting a legacy Firefox extension
    3. Embedded WebExtensions
    4. Comparison with the Add-on SDK
    5. Comparison with XUL/XPCOM extensions
    6. Chrome incompatibilities
    7. Differences between desktop and Android
  7. Firefox workflow
    1. Temporary Installation in Firefox
    2. Debugging
    3. Developing for Firefox for Android
    4. Getting started with web-ext
    5. web-ext command reference
    6. Extensions and the Add-on ID
    7. Publishing your extension
  8. JavaScript APIs
    1. Browser support for JavaScript APIs
    2. alarms
    3. bookmarks
    4. browserAction
    5. browsingData
    6. commands
    7. contextMenus
    8. contextualIdentities
    9. cookies
    10. devtools.inspectedWindow
    11. devtools.network
    12. devtools.panels
    13. downloads
    14. events
    15. extension
    16. extensionTypes
    17. history
    18. i18n
    19. identity
    20. idle
    21. management
    22. notifications
    23. omnibox
    24. pageAction
    25. permissions
    26. privacy
    27. proxy
    28. runtime
    29. sessions
    30. sidebarAction
    31. storage
    32. tabs
    33. topSites
    34. types
    35. webNavigation
    36. webRequest
      1. Methods
        1. handlerBehaviorChanged()
      2. Properties
        1. MAX_HANDLER_BEHAVIOR_CHANGED_CALLS_PER_10_MINUTES
      3. Types
        1. BlockingResponse
        2. HttpHeaders
        3. RequestFilter
        4. ResourceType
        5. UploadData
      4. Events
        1. onAuthRequired
        2. onBeforeRedirect
        3. onBeforeRequest
        4. onBeforeSendHeaders
        5. onCompleted
        6. onErrorOccurred
        7. onHeadersReceived
        8. onResponseStarted
        9. onSendHeaders
    37. windows
  9. Manifest keys
    1. applications
    2. author
    3. background
    4. browser_action
    5. chrome_settings_overrides
    6. chrome_url_overrides
    7. commands
    8. content_scripts
    9. content_security_policy
    10. default_locale
    11. description
    12. developer
    13. devtools_page
    14. homepage_url
    15. icons
    16. incognito
    17. manifest_version
    18. name
    19. omnibox
    20. optional_permissions
    21. options_ui
    22. page_action
    23. permissions
    24. protocol_handlers
    25. short_name
    26. sidebar_action
    27. version
    28. web_accessible_resources
  10. Themes
  11. Publishing add-ons
  12. Guides
    1. Signing and distribution overview
    2. Submit an add-on
    3. Creating an appealing listing
    4. Review policies
    5. Developer agreement
    6. Featured add-ons
    7. Contact addons.mozilla.org
  13. Community and support
  14. Channels
    1. Add-ons blog
    2. Add-on forums
    3. Stack Overflow
    4. Development newsgroup
    5. IRC Channel
  15. Legacy add-ons
  16. Legacy technologies
    1. Add-on SDK
    2. Legacy Firefox for Android
    3. Bootstrapped extensions
    4. Overlay extensions