Sending Forbidden request headers with APIC


Last updated 1 year ago


There are certain request headers which cannot be modified programmatically. Modifying such headers is forbidden because the user agent retains full control over them.

You can find more on these forbidden headers here on the MDN website.

Even though the headers are forbidden, that doesn't mean we can't send them in the request for testing purposes. Here is how...

Using the web extension

The APIC web extension leverages the Declarative Net Request API to modify the forbidden headers to the values you specify. This works out of the box for the web extension.

Native app for Windows, Linux & Mac

Since the native app for Windows, Linux or Mac doesn't run in a typical browser, it doesn't have the limitation on sending forbidden headers.

Web App

Since browsers don't allow sending these restricted headers, you can bypass that limitation by using APIC's Web Agent, which also bypasses the CORS limitation imposed by browsers. Learn more on how to use the Web Agent here.

List of Forbidden headers

Forbidden header names start with Proxy- or Sec-, or are one of the following names:

  • Accept-Charset
  • Accept-Encoding
  • Access-Control-Request-Headers
  • Access-Control-Request-Method
  • Connection
  • Content-Length
  • Cookie
  • Date
  • DNT
  • Expect
  • Host
  • Keep-Alive
  • Origin
  • Permissions-Policy
  • Referer
  • TE
  • Trailer
  • Transfer-Encoding
  • Upgrade
  • Via
  • Proxy-
  • Sec-
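
The split that the web extension section describes, sketched against the list above as an added example (not APIC's own code): headers a page script may set go to `fetch()` directly, and forbidden ones go into a Declarative Net Request `modifyHeaders` rule scoped to one target URL prefix. The function names, rule id and URL prefix are assumptions for illustration; `applyRule` assumes an extension with the `declarativeNetRequest` permission and host access to the target.

```javascript
// Added example, not APIC's code. The names below are the list on this page.
const FORBIDDEN_NAMES = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "date", "dnt", "expect", "host", "keep-alive", "origin", "permissions-policy",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

// True when the name is on the list or starts with Proxy- / Sec-.
function isForbiddenHeader(name) {
  const n = name.trim().toLowerCase();
  return n.startsWith("proxy-") || n.startsWith("sec-") || FORBIDDEN_NAMES.has(n);
}

// Split the tester's headers into those fetch() can send itself and those
// that need an extension rule. The rule only matches XHR/fetch requests whose
// URL starts with urlPrefix, so ordinary browsing is left untouched.
function planRequest(headers, urlPrefix, ruleId = 1) {
  const direct = {};
  const overrides = [];
  for (const [name, value] of Object.entries(headers)) {
    // Reject CR/LF so a pasted value cannot smuggle an extra header line.
    if (/[\r\n]/.test(name + value)) {
      throw new Error(`CR/LF in header ${JSON.stringify(name)}`);
    }
    if (isForbiddenHeader(name)) {
      overrides.push({ header: name, operation: "set", value: String(value) });
    } else {
      direct[name] = String(value);
    }
  }
  const rule = overrides.length === 0 ? null : {
    id: ruleId,
    priority: 1,
    action: { type: "modifyHeaders", requestHeaders: overrides },
    condition: { urlFilter: `|${urlPrefix}`, resourceTypes: ["xmlhttprequest"] },
  };
  return { direct, rule };
}

// Inside the extension: session rules disappear when the browser session ends.
async function applyRule(rule) {
  await chrome.declarativeNetRequest.updateSessionRules({
    removeRuleIds: [rule.id],
    addRules: [rule],
  });
}
```

Removing the rule once the test run finishes (`updateSessionRules({ removeRuleIds: [id] })`) keeps the override from applying to later requests to the same host.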