When requesting a content to my server, headers get replaced by Replit's ones

When I use a Python programm with a simple Flask webserver, and I try to get headers, instead of getting the real request headers, Im getting the Replit’s headers…
Instead of getting that: {"User-Agent": ""}
I am getting that: {'Host': 'my repl host name', 'Content-Length': '37', 'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate, br', 'Content-Type': 'application/x-www-form-urlencoded', 'X-Forwarded-For': 'some ip', 'X-Forwarded-Proto': 'https', 'X-Replit-User-Bio': '', 'X-Replit-User-Id': '', 'X-Replit-User-Name': '', 'X-Replit-User-Profile-Image': '', 'X-Replit-User-Roles': '', 'X-Replit-User-Teams': '', 'X-Replit-User-Url': ''}

Why does this happen and how do I fix it please ?

Hello @HGStyleOfficial!

Thank you for your post and sorry that you are experiencing issues. However, we may not be able to help you with this issue if you do not complete the template fields fully.

Without a code excerpt and/or the link to your Repl there won’t be much we can do to help you. A screenshot of the expected output would also be appreciated.

The more information you provide at the start, the easier it will be to identify the bug in your program.


Hi, sorry, I did not shared an example.
So, here is the minimal reproductible code of this:

import flask

app = flask.Flask(__name__)

def home():

app.run(host='', port=80)

Then you need to go to the site with your browser and in the console you will see the headers that are normally these:
{'Host': 'my repl host name', 'Content-Length': '37', 'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate, br', 'Content-Type': 'application/x-www-form-urlencoded', 'X-Forwarded-For': 'some ip', 'X-Forwarded-Proto': 'https', 'X-Replit-User-Bio': '', 'X-Replit-User-Id': '', 'X-Replit-User-Name': '', 'X-Replit-User-Profile-Image': '', 'X-Replit-User-Roles': '', 'X-Replit-User-Teams': '', 'X-Replit-User-Url': ''}
Hope this help to fix that !

Also my Repl URL is https://gdpsproxy.repl.co/

Using that code (with some modifications so I can add a single header), I get this result:
{"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","Accept-Encoding":"gzip, deflate, br","Accept-Language":"en-US,en;q=0.9","Content-Length":"3","Content-Type":"text/html; charset=utf-8","Dnt":"1","Host":"header-test.firepup650.repl.co","Sec-Ch-Ua":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"","Sec-Ch-Ua-Mobile":"?1","Sec-Ch-Ua-Platform":"\"Android\"","Sec-Fetch-Dest":"document","Sec-Fetch-Mode":"navigate","Sec-Fetch-Site":"cross-site","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (Linux; Android 13; SM-S236DL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Mobile Safari/537.36","X-Anonymized-But-Never-Forgotten":"Doomsdaybear","X-Forwarded-For":"xx.xxx.xx.xx","X-Forwarded-Proto":"https","X-Replit-User-Bio":"","X-Replit-User-Id":"","X-Replit-User-Name":"","X-Replit-User-Profile-Image":"","X-Replit-User-Roles":"","X-Replit-User-Teams":"","X-Replit-User-Url":""}
From here: header-test.firepup650.repl.co
Note: the code has now been modified a bit, but is still functionally the same

OK but why the “User-Agent” header isn’t there ?

It is?

It’s right here.

Sorry I missed to say in my request…
Here is the code I used to get request header:

>>> headers = {"test": "hello world"}
>>> headers['User-Agent'] = ""
>>> import requests
>>> r = requests.request("GET", "https://header-test.firepup650.repl.co/", headers=headers)
>>> r.text
'{"Accept":"*/*","Accept-Encoding":"gzip, deflate, br","Content-Length":"3","Content-Type":"text/html; charset=utf-8","Host":"header-test.firepup650.repl.co","Test":"hello world","X-Anonymized-But-Never-Forgotten":"Doomsdaybear","X-Forwarded-For":"xxx.xxx.xxx.xxx","X-Forwarded-Proto":"https","X-Replit-User-Bio":"","X-Replit-User-Id":"","X-Replit-User-Name":"","X-Replit-User-Profile-Image":"","X-Replit-User-Roles":"","X-Replit-User-Teams":"","X-Replit-User-Url":""}\n'
>>> h=r.json()
>>> h
{'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate, br', 'Content-Length': '3', 'Content-Type': 'text/html; charset=utf-8', 'Host': 'header-test.firepup650.repl.co', 'Test': 'hello world', 'X-Anonymized-But-Never-Forgotten': 'Doomsdaybear', 'X-Forwarded-For': 'xxx.xxx.xxx.xxx', 'X-Forwarded-Proto': 'https', 'X-Replit-User-Bio': '', 'X-Replit-User-Id': '', 'X-Replit-User-Name': '', 'X-Replit-User-Profile-Image': '', 'X-Replit-User-Roles': '', 'X-Replit-User-Teams': '', 'X-Replit-User-Url': ''}
>>> h['User-Agent']
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
KeyError: 'User-Agent'
>>> list(h.keys())
['Accept', 'Accept-Encoding', 'Content-Length', 'Content-Type', 'Host', 'Test', 'X-Anonymized-But-Never-Forgotten', 'X-Forwarded-For', 'X-Forwarded-Proto', 'X-Replit-User-Bio', 'X-Replit-User-Id', 'X-Replit-User-Name', 'X-Replit-User-Profile-Image', 'X-Replit-User-Roles', 'X-Replit-User-Teams', 'X-Replit-User-Url']
>>> r.headers
{'Content-Length': '467', 'Content-Type': 'application/json', 'Date': 'Tue, 04 Apr 2023 16:39:09 GMT', 'Expect-Ct': 'max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=xxxxxxxxxxxxxsomethingsherexxxxxx"', 'Replit-Cluster': 'global', 'Server': 'Werkzeug/2.2.2 Python/3.10.8', 'Strict-Transport-Security': 'max-age=4940139; includeSubDomains'}

Maybe because you set headers['User-Agent'] to an empty string?

IDK, normally it works because Geometry Dash private servers send empty strings as user agents…

Hmm. What happens if you make a request with a non-empty User-Agent header?

1 Like

Same thing… IDK what is not working…