Getting Started
This guide will help you install ModHead and create your first header modification rule.
ModHead can be installed in two ways:
-
Clone the repository
git clone https://github.com/HawkeyePierce89/ModHead cd ModHead -
Install dependencies
npm install
-
Build the extension
npm run build
-
Load in Chrome
- Open Chrome and navigate to
chrome://extensions/ - Enable "Developer mode" (toggle in top-right corner)
- Click "Load unpacked"
- Select the
dist/directory from the ModHead project
- Open Chrome and navigate to
-
Verify installation
- You should see the ModHead icon in your Chrome toolbar
- Click the icon to open the Options page
Install directly from the Chrome Web Store.
There are two ways to access ModHead's options page:
- Click the extension icon in the Chrome toolbar
- Right-click the icon → Select "Options"
When you first open the options page, it will be empty:
Let's create a simple rule to add a custom header to all requests to httpbin.org.
- Click the "Create Rule" button
- The rule editor modal will open
Rule Name: Give your rule a descriptive name
Example: "HTTPBin Test Header"
Enable Rule: Make sure the toggle is ON (enabled by default)
Target domains specify which URLs should have their headers modified.
- Click "Add Target Domain"
-
URL:
httpbin.org -
Match Type: Select
startsWith
This will match all URLs that start with httpbin.org (e.g., httpbin.org/get, httpbin.org/headers, etc.)
- Click "Add Header"
-
Header Name:
X-Custom-Header -
Header Value:
Hello from ModHead
Click "Save" to create the rule. Your new rule will appear on the options page:
ModHead offers three match types for flexible URL filtering:
Matches URLs that start with the specified pattern.
Example:
- Pattern:
api.example.com - ✅ Matches:
api.example.com/users,api.example.com/products/123 - ❌ Doesn't match:
example.com/api,www.api.example.com
Use case: Match all endpoints under a specific domain
Matches URLs that end with the specified pattern.
Example:
- Pattern:
.json - ✅ Matches:
api.example.com/data.json,example.com/config.json - ❌ Doesn't match:
example.com/data.xml,example.com/json
Use case: Match specific file types or path patterns
Matches URLs that exactly match the specified pattern.
Example:
- Pattern:
api.example.com/auth/login - ✅ Matches:
api.example.com/auth/login - ❌ Doesn't match:
api.example.com/auth/login/callback,api.example.com/auth
Use case: Target a specific endpoint
Here's an example of a rule with multiple target domains using different match types:
A single rule can have multiple target domains with different match types:
Example: API Development Rule
- Target 1:
localhost:3000(startsWith) - Local development - Target 2:
dev-api.example.com(startsWith) - Development server - Target 3:
staging-api.example.com(startsWith) - Staging server
All three domains will receive the same header modifications.
You can add multiple headers to a single rule:
Example: Authentication and Content Type
Header 1:
Name: Authorization
Value: Bearer YOUR_TOKEN_HERE
Header 2:
Name: Content-Type
Value: application/json
Header 3:
Name: X-API-Version
Value: v2
Here's what a rule with multiple headers looks like:
Let's verify that your rule is working:
- Open a new tab in Chrome
-
Navigate to
https://httpbin.org/headers - Look for your header in the response
You should see X-Custom-Header: Hello from ModHead in the returned headers.
Click the toggle switch on any rule card to enable or disable it without deleting.
Tip: Disable rules you don't need right now instead of deleting them.
Click the Edit button (pencil icon) on any rule card to modify it.
Click the Delete button (trash icon) to permanently remove a rule.
Warning: This action cannot be undone. You'll be asked to confirm.
Tab URL filtering allows you to apply rules only when you're on a specific website.
Example Use Case:
- Only modify headers when testing on your development dashboard
- Tab URL:
localhost:3000/dashboard - Target Domain:
api.example.com
This means the headers will only be modified for api.example.com requests when you're viewing localhost:3000/dashboard.
Note: This is an advanced feature. Leave it empty for most use cases.
Rule Name: Production API Key
Target Domain: api.example.com (startsWith)
Headers:
- X-API-Key: your-api-key-here
Rule Name: Dev CORS Headers
Target Domain: localhost:3000 (startsWith)
Headers:
- Access-Control-Allow-Origin: *
- Access-Control-Allow-Methods: GET, POST, PUT, DELETE
- Access-Control-Allow-Headers: Content-Type, Authorization
Rule Name: Auth Token
Target Domain: secure-api.example.com (startsWith)
Headers:
- Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Now that you've created your first rule, explore these advanced features:
- Variables - Reuse values across multiple rules
- Auto-Refresh Tokens - Automatically refresh authentication tokens
- Examples - Real-world configuration examples
- Advanced Features - Power user features
- Check if the rule is enabled (toggle should be ON)
- Verify the URL pattern matches your target
- Check the browser console for any errors
- Try reloading the page after saving the rule
-
Check Chrome extensions page (
chrome://extensions/) - Ensure ModHead is enabled
- Try disabling and re-enabling the extension
- Check for errors in the extension details
For more help, see the FAQ.
Next: Learn about Variables to make your rules more flexible and maintainable.