HTTP Header Modifier for testing

A lightweight developer tool to inject and override response headers for testing CSP, CORS, and security policies.

HTTP Header Modifier for testing is a lightweight, high-performance developer tool designed to inject, override, and modify HTTP response headers on the fly. Built with the modern Manifest V3 engine, it provides a secure and efficient way to debug web security policies, CORS configurations, and server behaviors without the bloat of traditional header managers. 🚀 Key Use Cases # Debug CSP & Security: Easily test and bypass Content Security Policy (CSP) or HSTS headers in your local development environment. # CORS Troubleshooting: Inject Access-Control-Allow-Origin headers to resolve cross-origin issues during API development. # Environment Simulation: Override headers like X-Frame-Options or Server to simulate different backend environments. # Custom Headers: Add your own custom headers (e.g., X-DummyHeader) to verify frontend logic. 🛠️ Features # Global Master Switch: Quickly enable or disable all modifications with a single click. # Domain-Specific Targeting: Use powerful URL matching (e.g., example.com) to ensure headers only apply where you need them. # Manifest V3 Optimized: Uses the declarativeNetRequest API for native-speed header modification that respects browser privacy. # Zero Latency: Modifications happen at the network level, ensuring no impact on page load speed. ⚠️ Note for Developers Due to Chrome’s internal networking optimizations (HSTS and HTTP/3), modified headers may occasionally be hidden in the "Network" tab of DevTools. To verify active headers, it is recommended to check the console using: fetch(window.location.href).then(r => console.log(r.headers.get('Your-Header')))