}
```

### Rewriting Responses

Symmetrically, interceptors can rewrite response headers and transform the response body. This is generally more dangerous than rewriting request headers because it may violate the webserver's expectations!

def test_read_item():
    response = client.get("/items/foo", headers={"X-Token": "coneofsilence"})
    assert response.status_code == 200
    assert response.json() == {
        "id": "foo",
        "title": "Foo",
        "description": "There goes my hero",
    }


def test_read_item_bad_token():
    response = client.get("/items/foo", headers={"X-Token": "hailhydra"})
    assert response.status_code == 400

**FastAPI** **extraerá** los datos para **cada campo** de los **headers** en el request y te dará el modelo Pydantic que definiste.

## Revisa la Documentación { #check-the-docs }

Puedes ver los headers requeridos en la interfaz de documentación en `/docs`:

<div class="screenshot">
<img src="/img/tutorial/header-param-models/image01.png">
</div>

## Prohibir Headers Extra { #forbid-extra-headers }

    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_incorrect_token_type(client: TestClient):
    response = client.get(
        "/users/me", headers={"Authorization": "Notexistent testtoken"}
    )

    assertThat(recorded.headers["Accept"]).isEqualTo("text/plain")
    assertThat(recorded.headers["Accept-Encoding"]).isNull() // No built-in gzip.
    assertThat(recorded.headers["Connection"]).isEqualTo("Upgrade, HTTP2-Settings")
    if (PlatformVersion.majorVersion < 19) {
      assertThat(recorded.headers["Content-Length"]).isEqualTo("0")
    }
    assertThat(recorded.headers["HTTP2-Settings"]).isNotNull()

## Headers reenviados por el proxy { #proxy-forwarded-headers }

Al usar un proxy para gestionar HTTPS, tu **servidor de aplicaciones** (por ejemplo Uvicorn vía FastAPI CLI) no sabe nada sobre el proceso HTTPS, se comunica con HTTP simple con el **TLS Termination Proxy**.

    else -> null
  }
}

fun CookieJar.receiveHeaders(
  url: HttpUrl,
  headers: Headers,
) {
  if (this === CookieJar.NO_COOKIES) return

  val cookies = Cookie.parseAll(url, headers)
  if (cookies.isEmpty()) return

  saveFromResponse(url, cookies)
}

/**
 * Returns true if the response headers and status indicate that this response has a (possibly
 * 0-length) body. See RFC 7231.
 */

	public final fun addUnsafeNonAscii (Ljava/lang/String;Ljava/lang/String;)Lokhttp3/Headers$Builder;
	public final fun build ()Lokhttp3/Headers;
	public final fun get (Ljava/lang/String;)Ljava/lang/String;
	public final fun removeAll (Ljava/lang/String;)Lokhttp3/Headers$Builder;
	public final fun set (Ljava/lang/String;Ljava/lang/String;)Lokhttp3/Headers$Builder;

* `allow_headers` - Una lista de headers de request HTTP que deberían estar soportados para requests cross-origin. Por defecto es `[]`. Puedes usar `['*']` para permitir todos los headers. Los headers `Accept`, `Accept-Language`, `Content-Language` y `Content-Type` siempre están permitidos para <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"...

	ctx := t.Context()
	testCases := []struct {
		name            string
		headers         http.Header
		wantObjectAttrs map[string]struct{}
	}{
		{
			name:            "empty header",
			headers:         http.Header{},
			wantObjectAttrs: map[string]struct{}{},
		},
		{
			name: "single header line",
			headers: http.Header{
				xhttp.AmzObjectAttributes: []string{"test1,test2"},
			},