Our products
Header tools
ChatGPT PromptsZone
Try out ChatGPT, DALL-E, Stable Diffusion, and other AI prompts at PromptsZone.
Try PromptsZone
Share ModHeader

Using ModHeader for HTTP authentication

HTTP authentication

Most websites typically accept the Authorization request header or some form of cookie for authentication. The value is usually either some form of internal ID or a JSON web token (JWT). By passing in different Authorization request header (or cookie), one can turn on / off logged-in state, switch users, change user's role, etc.

Changing Authorization header

Using ModHeader, you can quickly change the authorization header using the following steps:

  • Click on , and select Request header
  • Add Authorization header with the desired value.
  • Now visit your web server. It should have the Authorization header passed to it.
  • Going one step further, you can click on , and select URL filter to enable the Authorization header override only on your domains. This way, you will not accidentally leak your authorization header to other third-party websites.
  • To turn off the feature, simply uncheck the Authorization request header row
  • You can also add additional Authorization header rows so you can easily switch between different users.
  • Alternatively, you can right-click on the profile badge on the left hand side, and select Clone profile, then update the Authorization header value in the new profile. You can quickly switch between different Authorization headers by switching profile. You can click on , then select Keyboard shortcuts to assign custom shortcut keys to each profile.

Changing Cookie value

If you are using cookie-based authentication, you can also use ModHeader to quickly change its value using the following steps:

  • Click on , and select Cookie header
  • Add the desired cookie name and value.
  • Now visit your web server. It should have the cookie passed to it.
  • Going one step further, you can click on , and select URL filter to enable the cookie header override only on your domains. This way, you will not accidentally leak your authorization header to other third-party websites.
  • Similar to the Authorization header approach above, you can easily turn on/off the modification with the checkbox on the left hand side, and use multiple profiles to quickly toggle between different cookie value.