Header Order

Akamai validates the exact order of HTTP headers. Incorrect order will result in detection.

Why It Matters

Browsers send headers in a specific, consistent order. Bot detection systems compare your header order against known browser patterns.

Important: Chrome DevTools does NOT show the correct header order — it displays headers alphabetically.

Capturing Correct Header Order

Use Charles Proxy to capture the exact header order from a real browser.

Setup

1

Download and install Charles Proxy

Download and install Charles Proxy.

2

Install Charles root certificate

Install the Charles root certificate for HTTPS inspection.

3

Configure browser proxy

Configure your browser to use Charles as proxy.

Capturing Headers

1

Start recording in Charles

Open Charles and start recording.

2

Navigate to target site

Navigate to your target site in a browser.

3

Find the request

Find the request in Charles.

4

Examine the raw headers

Examine the Raw tab to see exact header order.

Example Header Order

A typical Chrome request has headers in this order:

:method: GET
:authority: example.com
:scheme: https
:path: /page
accept: text/html,...
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: ...
sec-ch-ua: "..."
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0...

Implementation

Most HTTP libraries don't preserve header order. Use libraries that support ordered headers:

Common Mistakes

Mistake
Impact

Using DevTools to capture headers

Shows alphabetical order, not actual order

Using standard HTTP libraries

Don't preserve header order

Inconsistent order across requests

Detection flag

Missing pseudo-headers (HTTP/2)

Immediate block

Resources

PreviousTLS Fingerprinting

Last updated