Sending Forbidden request headers with APIC
There are certain request headers which cannot be modified programmatically. Modifying such headers is forbidden because the user agent retains full control over them.
Even though these headers are forbidden, that doesn't mean we can't send them in a request for testing purposes. Here is how.
The APIC web extension leverages the Declarative Net Request API to set the forbidden headers to the values you specify. This works out of the box for the web extension.
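How an extension can route forbidden headers through a temporary Declarative Net Request rule while passing the rest to `fetch()`, as an added example that is not APIC's own code. The function names, rule id and URL filter are assumptions; the name list comes from the Fetch standard, which also treats the `Proxy-` prefix as forbidden.

```javascript
// Added example, not APIC's source. Forbidden names per the Fetch standard.
const FORBIDDEN_NAMES = new Set([
  'accept-charset', 'accept-encoding', 'access-control-request-headers',
  'access-control-request-method', 'connection', 'content-length', 'cookie',
  'cookie2', 'date', 'dnt', 'expect', 'host', 'keep-alive', 'origin',
  'referer', 'set-cookie', 'te', 'trailer', 'transfer-encoding', 'upgrade', 'via',
]);
const FORBIDDEN_PREFIXES = ['proxy-', 'sec-'];

function isForbiddenHeader(name) {
  const n = name.trim().toLowerCase();
  return FORBIDDEN_NAMES.has(n) || FORBIDDEN_PREFIXES.some((p) => n.startsWith(p));
}

// Split user headers: `direct` can go to fetch(); `rule` is a DNR rule for the
// forbidden ones (null when there are none). ruleId is a hypothetical default.
function planRequest(url, headers, ruleId = 1) {
  const direct = {};
  const overrides = [];
  for (const [name, value] of Object.entries(headers)) {
    if (isForbiddenHeader(name)) {
      overrides.push({ header: name, operation: 'set', value: String(value) });
    } else {
      direct[name] = value;
    }
  }
  const rule = overrides.length === 0 ? null : {
    id: ruleId,
    priority: 1,
    action: { type: 'modifyHeaders', requestHeaders: overrides },
    // Anchor to this URL and to fetch/XHR only, so normal browsing is untouched.
    condition: { urlFilter: `|${url}`, resourceTypes: ['xmlhttprequest'] },
  };
  return { direct, rule };
}

// Extension context only (needs the declarativeNetRequest permission and host
// access): install the rule, send the request, then always remove the rule.
async function sendWithForbiddenHeaders(url, headers) {
  const { direct, rule } = planRequest(url, headers);
  const dnr = chrome.declarativeNetRequest;
  if (rule) await dnr.updateSessionRules({ removeRuleIds: [rule.id], addRules: [rule] });
  try {
    return await fetch(url, { headers: direct });
  } finally {
    if (rule) await dnr.updateSessionRules({ removeRuleIds: [rule.id] });
  }
}
```

Removing the session rule in `finally` keeps the override from outliving the test request, which matters because a leftover rule would keep rewriting headers on later requests to the same URL.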
Since the native app for Windows, Linux or Mac doesn't run in a typical browser, it doesn't have the limitation on sending forbidden headers.
Since browsers don't allow sending these restricted headers, you can bypass that limitation by using APIC's Web Agent, which also bypasses the CORS limitation imposed by browsers. Learn more on how to use the Web Agent here.
Forbidden header names start with Sec-, or are one of the following names: