1. IronPDF
  2. How-Tos
  3. HTTP Request Header
How to Use Cookies with IronPDF for Secure PDF Generation in C#

How to Use HTTP Request Headers with C#

Chaknith Bin
Chaknith Bin
Updated:

HTTP request headers in C# allow you to send additional metadata like authentication tokens or custom user agents when converting URLs to PDFs using IronPDF. Simply create a dictionary of headers and assign it to the HttpRequestHeaders property before rendering.

Quickstart: Add HTTP Headers to PDF Rendering

Nuget IconGet started making PDFs with NuGet now:

  1. Install IronPDF with NuGet Package Manager

    PM > Install-Package IronPdf

  2. Copy and run this code snippet.

    new IronPdf.ChromePdfRenderer { RenderingOptions = { HttpRequestHeaders = new Dictionary<string,string> { { "Authorization", "Bearer your_token_here" }, { "User-Agent", "MyApp/1.0" } } } }
    .RenderUrlAsPdf("https://httpbin.org/bearer")
    .SaveAs("withHeaders.pdf");

  3. Deploy to test on your live environment

    Start using IronPDF in your project today with a free trial
    arrow pointer

Minimal Workflow (5 steps)

  1. Download IronPDF from NuGet
  2. Prepare the HTTP request headers as a C# dictionary
  3. Assign the dictionary to the HttpRequestHeaders property
  4. Render the URL to PDF using the RenderUrlAsPdf method
  5. Save the PDF as a file or export it as bytes

What Is an HTTP Request Header?

An HTTP request header is metadata sent by a client (such as a web browser or API client) to a server when making an HTTP request. Headers provide additional information about the request, such as authentication details, content type, user agent, and more.

This feature is used when rendering a URL to PDF, allowing you to provide HTTP header information when making the request. When working with URL to PDF conversions, headers become essential for accessing protected content or APIs that require specific authentication mechanisms.

IronPDF's HTTP header support integrates seamlessly with the Chrome PDF rendering engine, ensuring that your headers are properly sent during the rendering process. This is particularly important when dealing with secured websites or those behind TLS authentication systems.

How Do I Add Custom Headers to PDF Rendering?

Before using the HttpRequestHeaders property to set an HTTP request header, first design a proper HTTP request header object. During the rendering process, this header will be included in the URL request sent to the server. As an example, we will use httpbin.org, a website that helps show the headers request.

:path=/static-assets/pdf/content-code-examples/how-to/http-request-header.cs
using IronPdf;
using System.Collections.Generic;

var renderer = new ChromePdfRenderer();
renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
{
    { "Authorization", "Bearer test-token-123" }
};

// Render PDF from authenticated page
var pdf = renderer.RenderUrlAsPdf("https://httpbin.org/bearer");
pdf.SaveAs("output.pdf");
$vbLabelText   $csharpLabel

Working with Multiple Headers

When working with complex authentication scenarios or APIs, you often need to send multiple headers. Here's how to handle various header combinations:

using IronPdf;
using System.Collections.Generic;

var renderer = new ChromePdfRenderer();

// Configure multiple headers for API access
renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
{
    { "Authorization", "Bearer your-api-token" },
    { "Accept", "text/html,application/xhtml+xml" },
    { "Accept-Language", "en-US,en;q=0.9" },
    { "Cache-Control", "no-cache" },
    { "X-Custom-Header", "MyApplication/2.0" }
};

// Additional rendering options for better results
renderer.RenderingOptions.WaitFor.RenderDelay(500); // Wait for dynamic content
renderer.RenderingOptions.ViewPortWidth = 1920;
renderer.RenderingOptions.ViewPortHeight = 1080;

var pdf = renderer.RenderUrlAsPdf("https://api.example.com/report");
pdf.SaveAs("api-report.pdf");
using IronPdf;
using System.Collections.Generic;

var renderer = new ChromePdfRenderer();

// Configure multiple headers for API access
renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
{
    { "Authorization", "Bearer your-api-token" },
    { "Accept", "text/html,application/xhtml+xml" },
    { "Accept-Language", "en-US,en;q=0.9" },
    { "Cache-Control", "no-cache" },
    { "X-Custom-Header", "MyApplication/2.0" }
};

// Additional rendering options for better results
renderer.RenderingOptions.WaitFor.RenderDelay(500); // Wait for dynamic content
renderer.RenderingOptions.ViewPortWidth = 1920;
renderer.RenderingOptions.ViewPortHeight = 1080;

var pdf = renderer.RenderUrlAsPdf("https://api.example.com/report");
pdf.SaveAs("api-report.pdf");
$vbLabelText   $csharpLabel

Which HTTP Headers Are Most Commonly Used?

  • Authorization: Sends authentication credentials (Bearer token, Basic auth, etc.)
  • Content-Type: Defines the format of the request body (e.g., application/json)
  • Accept: Specifies the expected response format (e.g., text/html, application/json)
  • User-Agent: Identifies the client making the request (browser, API client, etc.)
  • Referer: Indicates the page that linked to the current request
  • Cookie: Sends cookies for session tracking

When using cookies for authentication, you can combine cookie headers with other authentication methods for enhanced security. The custom logging features in IronPDF can help you debug header-related issues during development.

When Should I Use Custom Headers?

Custom headers are essential when accessing protected resources that require authentication, working with APIs that expect specific headers, or when you need to identify your application to the server. They're particularly useful for rendering PDFs from authenticated web pages or API endpoints.

Common scenarios include:

  • Accessing internal company dashboards behind authentication
  • Generating reports from REST APIs that require API keys
  • Converting authenticated SaaS application pages to PDF
  • Working with microservices that use token-based authentication

Integration with Authentication Systems

IronPDF's header support works seamlessly with various authentication systems. For basic authentication scenarios:

using IronPdf;
using System;
using System.Text;

var renderer = new ChromePdfRenderer();

// Create Basic Auth header
string username = "user@example.com";
string password = "securepassword";
string credentials = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{username}:{password}"));

renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
{
    { "Authorization", $"Basic {credentials}" }
};

// Render protected resource
var pdf = renderer.RenderUrlAsPdf("https://protected.example.com/report");
pdf.SaveAs("protected-report.pdf");
using IronPdf;
using System;
using System.Text;

var renderer = new ChromePdfRenderer();

// Create Basic Auth header
string username = "user@example.com";
string password = "securepassword";
string credentials = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{username}:{password}"));

renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
{
    { "Authorization", $"Basic {credentials}" }
};

// Render protected resource
var pdf = renderer.RenderUrlAsPdf("https://protected.example.com/report");
pdf.SaveAs("protected-report.pdf");
$vbLabelText   $csharpLabel

What Happens If Headers Are Missing or Incorrect?

Missing or incorrect headers can result in 401 Unauthorized errors, 403 Forbidden responses, or incomplete page rendering. Always verify your header values match what the server expects, especially for authentication tokens and API keys.

To troubleshoot header issues, consider using IronPDF's debug features to examine the rendering process. Common problems include:

  • Expired tokens or API keys
  • Incorrect header formatting
  • Missing required headers
  • Case-sensitive header names being mistyped

Advanced Header Usage with Dynamic Content

When dealing with JavaScript-heavy pages that require authentication, combine headers with render delays:

:path=/static-assets/pdf/content-code-examples/how-to/http-request-header.cs
using IronPdf;
using System.Collections.Generic;

var renderer = new ChromePdfRenderer();
renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
{
    { "Authorization", "Bearer test-token-123" }
};

// Render PDF from authenticated page
var pdf = renderer.RenderUrlAsPdf("https://httpbin.org/bearer");
pdf.SaveAs("output.pdf");
$vbLabelText   $csharpLabel

Best Practices for Header Security

When working with sensitive authentication headers:

  1. Never hardcode credentials: Store tokens and API keys in secure configuration
  2. Use HTTPS URLs: Always render from HTTPS endpoints when sending authentication headers
  3. Rotate tokens regularly: Implement token rotation for long-running applications
  4. Validate SSL certificates: Ensure proper certificate validation for secure connections
  5. Monitor header usage: Log header usage for security auditing

For additional security considerations, refer to the PDF permissions and passwords guide to protect your generated PDFs.

Integrating with Modern Web Applications

Modern single-page applications (SPAs) and progressive web apps (PWAs) often require specific headers for proper rendering. Here's how to handle OAuth 2.0 protected resources:

using IronPdf;
using System.Collections.Generic;
using System.Threading.Tasks;

public async Task<PdfDocument> GenerateOAuthProtectedPdf(string accessToken, string url)
{
    var renderer = new ChromePdfRenderer();

    // Configure OAuth headers
    renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
    {
        { "Authorization", $"Bearer {accessToken}" },
        { "Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" }
    };

    // Set rendering options for SPAs
    renderer.RenderingOptions.WaitFor.RenderDelay(3000);
    renderer.RenderingOptions.EnableJavaScript = true;

    // Render and return the PDF
    return await Task.Run(() => renderer.RenderUrlAsPdf(url));
}
using IronPdf;
using System.Collections.Generic;
using System.Threading.Tasks;

public async Task<PdfDocument> GenerateOAuthProtectedPdf(string accessToken, string url)
{
    var renderer = new ChromePdfRenderer();

    // Configure OAuth headers
    renderer.RenderingOptions.HttpRequestHeaders = new Dictionary<string, string>
    {
        { "Authorization", $"Bearer {accessToken}" },
        { "Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" }
    };

    // Set rendering options for SPAs
    renderer.RenderingOptions.WaitFor.RenderDelay(3000);
    renderer.RenderingOptions.EnableJavaScript = true;

    // Render and return the PDF
    return await Task.Run(() => renderer.RenderUrlAsPdf(url));
}
$vbLabelText   $csharpLabel

For more complex scenarios involving async operations, consider implementing retry logic for failed authentication attempts.

Conclusion

HTTP request headers in IronPDF provide a powerful way to access and convert authenticated web content to PDF. By properly configuring headers, you can seamlessly integrate PDF generation into your existing authentication workflows, whether you're working with simple API keys or complex OAuth systems. Remember to follow security best practices and leverage IronPDF's extensive rendering options for optimal results.

Frequently Asked Questions

What are HTTP request headers and why would I need them when creating PDFs?

HTTP request headers are metadata sent with web requests that provide additional information like authentication details, content type, and user agent. When using IronPDF to convert URLs to PDFs, you can add custom headers to access protected content, APIs that require authentication, or websites behind security systems. This is essential for rendering secured web pages that wouldn't be accessible without proper credentials.

How do I add custom HTTP headers when converting a URL to PDF?

To add custom HTTP headers in IronPDF, create a Dictionarycontaining your header key-value pairs, then assign it to the HttpRequestHeaders property of the ChromePdfRenderer's RenderingOptions. After setting the headers, use the RenderUrlAsPdf method to convert the URL to PDF. The headers will be automatically included in the request sent to the server during rendering.

Can I add multiple HTTP headers at once for PDF rendering?

Yes, IronPDF allows you to add multiple HTTP headers simultaneously. Simply include all your header key-value pairs in the same dictionary when setting the HttpRequestHeaders property. This is useful for complex authentication scenarios where you might need to send an authorization token, custom user agent, accept headers, and other metadata all in a single request.

What types of authentication headers can I use with URL to PDF conversion?

IronPDF supports various authentication headers including Bearer tokens, Basic authentication, API keys, and custom authentication schemes. You can add these through the HttpRequestHeaders property, making it possible to convert protected web content, access APIs requiring specific authentication mechanisms, or work with websites behind TLS authentication systems.

Is there a quick way to render a URL with headers in just one line of code?

Yes, IronPDF provides a one-liner approach: new IronPdf.ChromePdfRenderer { RenderingOptions = { HttpRequestHeaders = new Dictionary{ { "Authorization", "Bearer your_token_here" } } } }.RenderUrlAsPdf("https://your-url.com").SaveAs("output.pdf"). This creates a renderer, sets headers, renders the URL, and saves the PDF all in a single statement.

Chaknith Bin
Chaknith Bin
  Chat with engineering team now
Software Engineer
Chaknith works on IronXL and IronBarcode. He has deep expertise in C# and .NET, helping improve the software and support customers. His insights from user interactions contribute to better products, documentation, and overall experience.
Ready to Get Started?
Nuget Downloads 16,901,161 | Version: 2025.12 just released