webRequest API
Hint
The webRequest API is inherited from Firefox, and its primary documentation is maintained by Mozilla at MDN. Thunderbird implements only the subset of functions, events, and types listed here. The MDN pages may provide further details and examples, but they may also reference features that are not supported in Thunderbird.
Use the browser.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight.
Permissions
The following permissions influence the behavior of the API. Depending on which permissions are requested, additional methods might be available, or certain data may be included in responses.
Hint
Request permissions only when needed. Unnecessary requests may result in rejection during ATN review.
webRequest
Grant access to some or all methods of the webRequest API.
webRequestBlocking
Allows to use the blocking features of the webRequest API. With this permission, listeners can synchronously modify or cancel requests before they are sent or before a response is delivered. Without it, listeners can only observe requests without blocking or altering them.
Functions
filterResponseData(requestId)
– [Added in TB 57]
…
Required permissions
getSecurityInfo(requestId, [options])
– [Added in TB 62]
Retrieves the security information for the request. Returns a promise that will resolve to a SecurityInfo object.
Parameters
requestId
options
Required permissions
handlerBehaviorChanged()
Needs to be called when the behavior of the webRequest handlers has changed to prevent incorrect handling due to caching. This function call is expensive. Don’t call it often.
Required permissions
Events
onAuthRequired
– [Added in TB 54]
Fired when an authentication failure is received. The listener has three options: it can provide authentication credentials, it can cancel the request and display the error page, or it can take no action on the challenge. If bad user credentials are provided, this may be called multiple times for the same request.
Note
To handle a request asynchronously, return a Promise from the listener.
Parameters for onAuthRequired.addListener(listener, filter, extraInfoSpec)
listener(details, asyncCallback)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
challenger
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
isProxy
True for Proxy-Authenticate, false for WWW-Authenticate.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
scheme
The authentication scheme, e.g. Basic or Digest.
statusCode
Standard HTTP status code returned by the server.
statusLine
HTTP status line of the response or the ‘HTTP/0.9 200 OK’ string for HTTP/0.9 responses (i.e., responses that lack a status line) or an empty string if there are no headers.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
originUrl
URL of the resource that triggered this request.
realm
The authentication realm provided by the server, if there is one.
responseHeaders
The HTTP response headers that were received along with this response.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
asyncCallback
Expected return value of the listener function
web-request-on-auth-required-returns
If “blocking” is specified in the “extraInfoSpec” parameter, the event listener should return an object of this type.
Required permissions
onBeforeRedirect
– [Added in TB 46]
Fired when a server-initiated redirect is about to occur.
Parameters for onBeforeRedirect.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
fromCache
Indicates if this response was fetched from disk cache.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
redirectUrl
The new URL.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
statusCode
Standard HTTP status code returned by the server.
statusLine
HTTP status line of the response or the ‘HTTP/0.9 200 OK’ string for HTTP/0.9 responses (i.e., responses that lack a status line) or an empty string if there are no headers.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
ip
The server IP address that the request was actually sent to. Note that it may be a literal IPv6 address.
originUrl
URL of the resource that triggered this request.
responseHeaders
The HTTP response headers that were received along with this redirect.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Required permissions
onBeforeRequest
– [Added in TB 46]
Fired when a request is about to occur.
Note
Asynchronous event listeners are supported from version 52.
Parameters for onBeforeRequest.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
originUrl
URL of the resource that triggered this request.
requestBody
Contains the HTTP request body data. Only provided if extraInfoSpec contains ‘requestBody’.
error
Errors when obtaining request body data.
formData
If the request method is POST and the body is a sequence of key-value pairs encoded in UTF8, encoded as either multipart/form-data, or application/x-www-form-urlencoded, this dictionary is present and for each key contains the list of all values for that key. If the data is of another media type, or if it is malformed, the dictionary is not present. An example value of this dictionary is {‘key’: [‘value1’, ‘value2’]}.
raw
If the request method is PUT or POST, and the body is not already parsed in formData, then the unparsed request body elements are contained in this array.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Expected return value of the listener function
web-request-on-before-request-returns
If “blocking” is specified in the “extraInfoSpec” parameter, the event listener should return an object of this type.
Required permissions
onBeforeSendHeaders
– [Added in TB 45]
Fired before sending an HTTP request, once the request headers are available. This may occur after a TCP connection is made to the server, but before any HTTP data is sent.
Note
Asynchronous event listeners are supported from version 52.
Parameters for onBeforeSendHeaders.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
originUrl
URL of the resource that triggered this request.
requestHeaders
The HTTP request headers that are going to be sent out with this request.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Expected return value of the listener function
web-request-on-before-send-headers-returns
If “blocking” is specified in the “extraInfoSpec” parameter, the event listener should return an object of this type.
Required permissions
onCompleted
– [Added in TB 45]
Fired when a request is completed.
Parameters for onCompleted.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
fromCache
Indicates if this response was fetched from disk cache.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
requestSize
For http requests, the bytes transferred in the request. Only available in onCompleted.
responseSize
For http requests, the bytes received in the request. Only available in onCompleted.
statusCode
Standard HTTP status code returned by the server.
statusLine
HTTP status line of the response or the ‘HTTP/0.9 200 OK’ string for HTTP/0.9 responses (i.e., responses that lack a status line) or an empty string if there are no headers.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
ip
The server IP address that the request was actually sent to. Note that it may be a literal IPv6 address.
originUrl
URL of the resource that triggered this request.
responseHeaders
The HTTP response headers that were received along with this response.
Required permissions
onErrorOccurred
– [Added in TB 45]
Fired when an error occurs.
Parameters for onErrorOccurred.addListener(listener, filter)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
Parameters passed to the listener function
details
error
The error description. This string is not guaranteed to remain backwards compatible between releases. You must not parse and act based upon its content.
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
fromCache
Indicates if this response was fetched from disk cache.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
ip
The server IP address that the request was actually sent to. Note that it may be a literal IPv6 address.
originUrl
URL of the resource that triggered this request.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Required permissions
onHeadersReceived
– [Added in TB 45]
Fired when HTTP response headers of a request have been received.
Note
Modification of the ‘Content-Type’ header is supported from version 51.
Note
Asynchronous event listeners are supported from version 52.
Parameters for onHeadersReceived.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
statusCode
Standard HTTP status code returned by the server.
statusLine
HTTP status line of the response or the ‘HTTP/0.9 200 OK’ string for HTTP/0.9 responses (i.e., responses that lack a status line).
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
originUrl
URL of the resource that triggered this request.
responseHeaders
The HTTP response headers that have been received with this response.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Expected return value of the listener function
web-request-on-headers-received-returns
If “blocking” is specified in the “extraInfoSpec” parameter, the event listener should return an object of this type.
Required permissions
onResponseStarted
– [Added in TB 45]
Fired when the first byte of the response body is received. For HTTP requests, this means that the status line and response headers are available.
Parameters for onResponseStarted.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
fromCache
Indicates if this response was fetched from disk cache.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
statusCode
Standard HTTP status code returned by the server.
statusLine
HTTP status line of the response or the ‘HTTP/0.9 200 OK’ string for HTTP/0.9 responses (i.e., responses that lack a status line) or an empty string if there are no headers.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
ip
The server IP address that the request was actually sent to. Note that it may be a literal IPv6 address.
originUrl
URL of the resource that triggered this request.
responseHeaders
The HTTP response headers that were received along with this response.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Required permissions
onSendHeaders
– [Added in TB 45]
Fired just before a request is going to be sent to the server (modifications of previous onBeforeSendHeaders callbacks are visible by the time onSendHeaders is fired).
Parameters for onSendHeaders.addListener(listener, filter, extraInfoSpec)
listener(details)
A function that will be called when this event occurs.
filter
A set of filters that restricts the events that will be sent to this listener.
extraInfoSpec
Array of extra information that should be passed to the listener function.
Parameters passed to the listener function
details
frameId
The value 0 indicates that the request happens in the main frame; a positive value indicates the ID of a subframe in which the request happens. If the document of a (sub-)frame is loaded (type is main_frame or sub_frame), frameId indicates the ID of this frame, not the ID of the outer frame. Frame IDs are unique within a tab.
method
Standard HTTP method.
parentFrameId
ID of frame that wraps the frame which sent the request. Set to -1 if no parent frame exists.
requestId
The ID of the request. Request IDs are unique within a browser session. As a result, they could be used to relate different events of the same request.
tabId
The ID of the tab in which the request takes place. Set to -1 if the request isn’t related to a tab.
thirdParty
Indicates if this request and its content window hierarchy is third party.
timeStamp
The time when this signal is triggered, in milliseconds since the epoch.
type
How the requested resource will be used.
url
cookieStoreId
The cookie store ID of the contextual identity.
documentUrl
URL of the page into which the requested resource will be loaded.
incognito
True for private browsing requests.
originUrl
URL of the resource that triggered this request.
requestHeaders
The HTTP request headers that have been sent out with this request.
urlClassification
Tracking classification if the request has been classified.
Note
Classification flags emailtracking and emailtracking_content added in Thunderbird 104.
Required permissions
Types
BlockingResponse
– [Added in TB 45]
Returns value for event handlers that have the ‘blocking’ extraInfoSpec applied. Allows the event handler to modify network requests.
object
authCredentials
cancel
If true, the request is cancelled. Used in onBeforeRequest, this prevents the request from being sent.
redirectUrl
Only used as a response to the onBeforeRequest and onHeadersReceived events. If set, the original request is prevented from being sent/completed and is instead redirected to the given URL. Redirections to non-HTTP schemes such as data: are allowed. Redirects initiated by a redirect action use the original request method for the redirect, with one exception: If the redirect is initiated at the onHeadersReceived stage, then the redirect will be issued using the GET method.
requestHeaders
Only used as a response to the onBeforeSendHeaders event. If set, the request is made with these request headers instead.
responseHeaders
Only used as a response to the onHeadersReceived event. If set, the server is assumed to have responded with these response headers instead. Only return responseHeaders if you really want to modify the headers in order to limit the number of conflicts (only one extension may modify responseHeaders for each request).
upgradeToSecure
Only used as a response to the onBeforeRequest event. If set, the original request is prevented from being sent/completed and is instead upgraded to a secure request. If any extension returns redirectUrl during onBeforeRequest, upgradeToSecure will have no affect.
CertificateInfo
– [Added in TB 62]
Contains the certificate properties of the request if it is a secure request.
object
fingerprint
isBuiltInRoot
issuer
serialNumber
subject
subjectPublicKeyInfoDigest
validity
rawDER
CertificateTransparencyStatus
HttpHeaders
– [Added in TB 45]
An array of HTTP headers. Each header is represented as a dictionary containing the keys name and either value or binaryValue.
array of object
OnAuthRequiredOptions
OnBeforeRedirectOptions
string
OnBeforeRequestOptions
OnBeforeSendHeadersOptions
OnCompletedOptions
string
OnHeadersReceivedOptions
OnResponseStartedOptions
string
OnSendHeadersOptions
string
RequestFilter
– [Added in TB 45]
An object describing filters to apply to webRequest events.
Note
From Thunderbird 78 onwards, if a filter contains unrecognized values in its types property, then these values are ignored and addListener() proceeds.
Note
Before Thunderbird 78, if a filter contains unrecognized values in its types property, addListener() throws an exception.
object
urls
A list of URLs or URL patterns. Requests that cannot match any of the URLs will be filtered out.
Note
Before Thunderbird 56, moz-extension:// URLs were not allowed.
incognito
If provided, requests that do not match the incognito state will be filtered out.
tabId
types
A list of request types. Requests that cannot match any of the types will be filtered out.
windowId
ResourceType
– [Added in TB 45]
string
Supported values:
beacon
csp_report
font
image
imageset
json
Note
The “json” property is supported from Thunderbird 135, but requests of this type are only available from Thunderbird 138.
main_frame
media
object
other
ping
script
speculative
stylesheet
sub_frame
web_manifest
websocket
xml_dtd
xmlhttprequest
xslt
SecurityInfo
– [Added in TB 62]
Contains the security properties of the request (ie. SSL/TLS information).
object
certificates
Certificate data if state is “secure”. Will only contain one entry unless certificateChain is passed as an option.
state
certificateTransparencyStatus
Certificate transparency compliance per RFC 6962. See https://www.certificate-transparency.org/what-is-ct for more information.
cipherSuite
The cipher suite used in this request if state is “secure”.
errorMessage
Error message if state is “broken”
hpkp
True if host uses Public Key Pinning and state is “secure”.
hsts
True if host uses Strict Transport Security and state is “secure”.
isDomainMismatch
The domain name does not match the certificate domain.
isExtendedValidation
isNotValidAtThisTime
The certificate is either expired or is not yet valid. See CertificateInfo.validity for start and end dates.
isUntrusted
keaGroupName
The key exchange algorithm used in this request if state is “secure”.
overridableErrorCategory
protocolVersion
secretKeyLength
The length (in bits) of the secret key.
signatureSchemeName
The signature scheme used in this request if state is “secure”.
usedDelegatedCredentials
True if the TLS connection used Delegated Credentials.
usedEch
True if the TLS connection used Encrypted Client Hello.
usedOcsp
True if the TLS connection made OCSP requests.
usedPrivateDns
True if the TLS connection used a privacy-preserving DNS transport like DNS-over-HTTPS.
weaknessReasons
list of reasons that cause the request to be considered weak, if state is “weak”
TransportWeaknessReasons
string
UploadData
– [Added in TB 45]
Contains data uploaded in a URL request.
UrlClassification
object
firstParty
Classification flags if the request has been classified and it is first party.
thirdParty
Classification flags if the request has been classified and it or its window hierarchy is third party.
UrlClassificationFlags
Tracking flags that match our internal tracking classification
string
Supported values:
antifraud
any_basic_tracking
any_social_tracking
any_strict_tracking
consentmanager
cryptomining
cryptomining_content
emailtracking
emailtracking_content
fingerprinting
fingerprinting_content
tracking
tracking_ad
tracking_analytics
tracking_content
tracking_social
UrlClassificationParty
If the request has been classified this is an array of UrlClassificationFlags.
array of UrlClassificationFlags
Properties
MAX_HANDLER_BEHAVIOR_CHANGED_CALLS_PER_10_MINUTES
The maximum number of times that handlerBehaviorChanged can be called per 10 minute sustained interval. handlerBehaviorChanged is an expensive function call that shouldn’t be called often.