Overriding request headers

Our CDN has rules that add headers to requests and based on values of those headers, application does different things.

I am writing some tests to assert behaviors from having different headers and their values. I read somewhere if i add a header manually in Postman the existing header will be overridden. It does not seem to be that way.

Let’s say I have a header called origin. In Postman for my test I added that to equal to X, but the CDN also adds a header called origin and set it to Y. My expectation is origin from the CDN will be overriden and so instead of Y the requests will have a header called origin which equals to X. However, when I make the request in Postman, the header origin becomes null??? If I uncheck the origin header in postman, then it will return Y.

Can someone confirm if this is an expected behavior, also any advice how to go about manipulating headers?

Thank you!

Postman only has a couple of auto-generated headers.

Some of these are based on what you do in the GUI, so if you set the body to raw\JSON, it will create an Content-Type header for application/json.

If you use the Authorization helpers, it will add an Authorization header, etc.

If you manually create an header with the same key, then the manually created key is usually what gets sent. (It will override the auto-generated header).

I just tested this and can confirm.

I’m not sure what you mean by the CDN adding an header called origin.

If the CDN is amending the request before it hits the API, then this is outside of Postman’s control. I suspect the CDN will win in this scenario.

If the CDN is automatically setting this header and you have no control over this, then it doesn’t sound like you will be able to test this scenario.

Hi Mike,

Thank you for your response, and your explanation of when a header can be overridden, now it all makes sense. I misunderstood how and when overriding will occur.

You are right, the CDN is automatically setting this origin header and I do understand I cant control what it is set to. It is just strange that when there is a conflict, where origin is passed manually and origin also was added by CDN, the origin header becomes null. I agree, I might not be able to test 100%, maybe just partially with other scenarios.

Thanks again, that was helpful!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.