Skip to main content
How to spy on your browser's HTTP requests and responses

This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Feb 07, 2013 — Enterprise Agile Planning expert

How to spy on your browser's HTTP requests and responses

Ask anAgile expert

Are you just getting started with agile? Scaling agile practices in your organization? Leading an agile transformation? Get answers to all your agile questions.

Watch now
Enterprise Agile Planning

In this article, you will

  • Learn how to spy on your Web browser's HTTP requests and responses
  • Start to understand why your browser sends HTTP request headers and why web servers send HTTP response headers

What you'll need

  • Google Chrome for its developer tools
  • Alternatively, you can use other browsers if you can figure out how to use their own development tools

HTTP is no secret at all and it's super easy to spy on your browser

Does it ever seem like cryptic magic what your browser and remote servers do together? Lest you think that HTTP requests and responses are like some secretive handshake that only browser makers and website operators know and can see: they're not. Assuming you are using Google Chrome, do this:

  1. Open a new window or tab
  2. Hit the F12 key to pull up the Google Chrome developer tools, and click on the Network tab
  3. Load Google in the new window. You can study the guts of the HTTP request used to GET the home page.

Notice the request method and request headers section

As you can see, the request method is GET, and below that is a big bag of request headers. Let's highlight just the major headers for now. HTTP request headers will come into play when we start to study how to send data to the Agility, formerly VersionOne, REST API because we'll need to specify a few "custom headers."

HTTP headers provide more information to help the server respond properly

Your browser sends HTTP headers as part of the HTTP request to give the server additional information it needs to know in order to process the request. The most relevant ones, practically speaking, are the accept header and the cookie one. The accept header tells the server what kind of formats the browser wants to get the response in, and the cookie is actually a unique value that identifies me that my browser previously got from Google. My browser sends the cookie back to Google on subsequent requests so that Google can correlate separate requests with me.

Now, scroll the pane down to see the response headers section

Similar, the response has headers. The content/type header is the most relevant here, and you'll notice that text/html corresponds to one of the values the initiating HTTP request contained its accept header. This will be important later when we use JavaScript to create requests for the Agility REST API.

Click the response tab

Do you remember in the last article the web's inventor Tim Berners/Lee's statement about the HTTP GET method when he first designed it? He said:

The response from the server was always an HTML page.

Even though the top of the response says <!doctype html>, most of the response contains JavaScript code, and really bizarre looking JavaScript code at that. This is called minified JavaScript. Developers minify script to make the size of a response smaller. But, it certainly makes it harder to understand! 

Now, let's examine an HTTP POST request

Assuming you still have another browser or tab open and the developer tools handy:

  1. Navigate to
  2. Enter something into the new paste form, scroll down and hit submit

POST request and response highlights

Here are few highlights from the request and response that you can see in your developer tools window:

Request headers

Request URL:
Request Method:POST

Request payload

The values contained in the payload correspond to HTML form field values. The source code for the HTML form element looks like this:

<textarea name="paste_code"></textarea>

If, like me, you typed Agility is my favorite agile management tool! into the new paste field (named paste_code in the HTML), then your payload should look similar to this:

Content/Disposition: form/data; name="post_key"

Content/Disposition: form/data; name="submit_hidden"

Content/Disposition: form/data; name="paste_code" Agility is my favorite agile management tool!

Response headers

Again, like we saw for the GET response from, the content/type header is text/xml, but the new location header specifies where the browser should automatically navigate to to GET the response document, since if you look at the response tab you'll see that it is empty. This is a good design pattern called the Post/Redirect/Get pattern, and we'll learn more about it in later articles.


More from the Blog

View more Government Cloud
Apr 12, 2022 Government Cloud receives FedRAMP Authorization through sponsorship from the United States Department of Veterans Affairs

Enterprise Agile Planning
Flagship Agility solutions can effectively scale agile deve ...
Read More
Nov 22, 2021

What are the qualities of highly effective agile teams?

Enterprise Agile Planning
A team is the core unit of productivity in an agile organization. Wher ...
Read More
Nov 15, 2021

How an open-first attitude revolutionized government tech development

Enterprise Agile Planning
Public perception of government is often that it is slow-moving, reluc ...
Read More
cross functional
Nov 08, 2021

6 best practices for building resilient cross-functional teams

Enterprise Agile Planning
Agile frameworks prize the quality of resilience within every facet of ...
Read More
Contact Us