How can we help you?
Custom HTTP Headers
Table of Contents
HTTP headers allow you to customize requests to match real-world scenarios. They’re essential for testing APIs, authenticated endpoints, and browser-like behavior.
User-Agent #
**Identifies the client making the request. Servers may respond differently based on this header.**
**Example:** SiteLoadTester/1.0 or Mozilla/5.0…
**Use Cases:**
– Test mobile vs desktop responses
– Bypass bot detection
– Simulate specific browser behavior
Accept #
**Specifies which content types the client can handle. Affects what format the server returns.**
**Example:** text/html,application/json or application/json
**Use Cases:**
– Test API endpoints (use application/json)
– Ensure correct content type responses
– Test content negotiation
Authorization #
**Contains credentials for authenticated requests. Required for protected endpoints.**
**Example:** Bearer YOUR_TOKEN or Basic base64(username:password)
**Use Cases:**
– Test authenticated API endpoints
– Load test protected resources
– Verify token-based authentication performance
### Content-Type
**Indicates the media type of the request body. Required for POST/PUT requests with data.**
**Example:** application/json or application/x-www-form-urlencoded
**Use Cases:**
– Test API endpoints that accept JSON
– Simulate form submissions
– Test file upload endpoints
Referer #
**Shows the URL of the page that linked to the current request. Used for analytics and security.**
**Example:** https://example.com/page
**Use Cases:**
– Test referral-based logic
– Simulate navigation flows
– Test analytics tracking
Origin #
**Indicates the origin of the request. Used for CORS (Cross-Origin Resource Sharing) checks.**
**Example:** https://example.com
**Use Cases:**
– Test CORS policies
– Simulate cross-origin requests
– Test API security configurations
X-Requested-With #
**Indicates the request was made via XMLHttpRequest. Often used to distinguish AJAX from regular requests.**
**Example:** XMLHttpRequest
**Use Cases:**
– Test AJAX endpoint performance
– Simulate single-page app behavior
– Test API endpoints expecting AJAX
Accept-Language #
**Specifies which languages the client prefers. Affects internationalization and localization.**
**Example:** en-US,en;q=0.9 or es-ES,es;q=0.9
**Use Cases:**
– Test multi-language sites
– Verify localization performance
– Test language-based routing
Why Custom Headers Matter #
– **Realistic Testing:** Headers make your load tests behave like real browsers or API clients, giving you accurate performance metrics.
– **Security Testing:** Test how your server handles authenticated requests, CORS policies, and security headers under load.
– **Behavior Simulation:** Simulate different client types (mobile, desktop, API clients) to see how your server responds to each.
– **Performance Analysis:** Compare performance differences between content types, authentication methods, and client configurations.
Important Notes #
– Only test servers you own or have explicit permission to test
– High connection counts (500+) may be blocked by firewalls or rate limiters
– Monitor your own network bandwidth when running heavy tests
– Some servers may temporarily block your IP if tests are too aggressive