For me, Postman is maintaining the atlassian.xsrf.token and JSESSIONID which makes it impossible for me to simulate a ālogged offā userā¦ Iād have to wait the session expire on the server to test my code!!!
Just wanted to link the two things together, here is the app-support ticket: https://github.com/postmanlabs/postman-app-support/issues/2689
Your link didnāt work for me. I tracked it down though.
2 Likes
This is a ridiculous decision.
How are we meant to test different caching strategies if Postman always sends a temporary cache-control header that disables caching?
JQuery.ajax() etc do not add this temporary header when loading a resource, even if the browser does so when performing a direct, address bar, request.
@girish.jaiswal has a work around, but it is couinterintuitive to add an empty header to remove the temporary header. This should just work out of the box.
I am having trouble sending requests to a third party admin endpoint. If copy out the curl and remove all the extra headings it works. Can we have a toggle to remove all temporary headers? It rather defeats the purpose of using your tool if I have to copy the request and curl it instead. 
I downloaded POSTMAN to have a client which is able to meticulously specify my request. Now I see itās adding stuff under the hood automatically. I can see why itās useful, but please consider an option to disable the default headers so we can troubleshoot our APIās.
I donāt understand what you guys were thinking when you started adding temporary headers to all curls. Itās super annoying sending curl requests to other people now. And time is often wasted debugging why a curl is not working where the cause is always a temporary header like host or content length.
Hi @jeffpc1993 You should be able to share the Curl codes without any temporary headers using the - āNew Code generation modeā
This is very annoying!!! I have disabled the above header settings and STILL there are Postman headers appearing. I have recreated the connection painstakingly with all the parameters and still those Postman headers are being sent across. Sorry, but this tool has become a lot worse since I started using it. Switching to Insomnia
Yay, Iāll join the line of people who just discovered why their API calls fail, because Postman adds some random stuff.
Seriously, no.
I donāt understand how you got the idea to make this a default, non-changeable behaviour, and I absolutely donāt understand how this issue can exist for more than half a year now, and nobody was able to include a ādisable all magic crapā checkbox.
As a developer, I also donāt see why you āneed to know more about thisā and āunderstand the use casesā. Postman is a tool. As such, it should not make assumptions and guesses about what might work best, but just do what it has been told to. Adding a switch to turn that behavior off canāt be such a big deal (unless your code is a mess).
I thank you for offering this tool for free, it has helped me a lot in the past, but now has cost me many hours trying to figure out what was wrong, and as I see no intention here to fix this issue, Iāll have to leave Postman.
Thanks for those who mentioned Insomnia!
2 Likes
Donāt add stuff I donāt want. I am a developer.
+1, we need to create another request to bypass the old headers, thatās stupid, why canāt we delete them ?
1 Like
+1. I wasted a lot of time not realizing Postman was adding other cookies to my request. The scenario is the following: I was testing a request on this url:
https://model.api.mycompany.com/v1/blah-api
I sent some cookies with the request to test the authentication handshaking.
Turns out postman had access to cookies from the parent domain (captured from my browser maybe or from other requests? not sure but I never set these) on the PARENT domain mycompany.com and was sending them in the ātemporary headersā section. These cookies were interfering with or hiding the cookies I was trying to send.
I figured out that you can go to the āManage cookiesā dialog and delete cookies for each domain. However, my company has a lot of domains and subdomains so this list is very large. In this case, the domain is about half way down a list of like 30 domains. That means every time I do a request, I have to scroll down and search for this domain to see if any cookies are remembered. I canāt seem to find a way to do any of the following to make it easier:
- Stop storing or sending cookies other than what Iāve specified in the request
- Stop remembering cookies or at least stop remembering for certain domains
- Delete all cookies from all domains
- A search function to find the domain in the āManage cookiesā window so I can least find this domain easier
- Stop sending temporary headers, the subject of this thread
Just wanted to add my two cents here.
Freaking disable automatically adding headers!
Iāve found that useful approximately uh, 3 times. Out of 200+ requests. I was forced to use curl and write things the hard way out.
If Iām trying to test some API, I donāt want to find out that the only reason my API was working/broken in postman is because of invisible headers I didnāt know was being sent. I wasted 2 days on this when I first discovered this āfeatureā due to the unreliability of the data I had to utilize, which would randomly fail. I was new to http at the time which is why it took me so long.
Youāre trying to screw over inexperienced developers? Why?
Freaking make this optional! Even as a ādefault headersā which can be expanded below āHeadersā would be handy!
Not once did I ever thank Postman for sending these headers, when Iām a developer trying to send valid http requests while controlling every single aspect it was not fun at all to discover I canāt control this with Postman itself, and it hides itself. Almost maliciously.
Iām leaving postman installed for one reason, and one reason only. Iām hoping this insanity will be fixed. Because I canāt use Postman otherwise for development.
Meanwhile, insomnia sounds like itās going to be handyā¦ Not as friendly a user interface maybe, but definitely not trying to screw its own users over by intentionally corrupting the data.
Btw, whats with Postman starting to get bloated with clutter? It used to be a simple toolā¦
1 Like
Oh, oh, it sends the unresolved ā{{access_token}}ā string to the API 
Would be amazing to let users disable/enable Temporary Headers.
I understand that it may be difficult to change the current behavior, but please prioritize this, for the love of all thatās holy! I need to be able to test how my application reacts to invalid input - I donāt need to be ācorrectedā by the tool I am using to generate said input and to be told that this is not what I should want after all.
I am reminded of the venerable Clippy assistant: āIt looks like you are trying to generate invalid requests, let me tell you what you should be really doing instead!ā
+2 days wasted
ā¦ before discovering Google App Engine was rejecting Postmanās HTTP requests because of ā¦ Postman, not my code.
Postman now is an extremely heavyweight curl tutorial for me, clicking Code to see the equivalent curl command that will actually work, where Postman does not. Thanks I guess?
Hey everyone.
Take a look at this change we just released in our Canary builds.
We welcome any feedback you have on it.