📡Handle X-Requested-With Header in your WebView

This guide is only relevant for partners integrating Zop products in their Android apps' WebViews.

Context

Some Android WebView versions add a request header called X-Requested-With to all outgoing requests. This header includes your app’s package name (for example, com.example.myapp).

While earlier WebView versions sent this request header by default, Android WebView (v103+) now needs you to explicitly allow which origins should receive this header. Without configuring this, your app's WebView may strip the header, which can break the integration with Gamezop’s product or our ability to accurately track your revenue.

What you need to do

Add just one line of code to your existing WebView setup.

val allowList = setOf("*") 
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
    WebSettingsCompat.setRequestedWithHeaderOriginAllowList(webView.settings, allowList)
}

Set<String> allowList = Collections.singleton("*");
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
    WebSettingsCompat.setRequestedWithHeaderOriginAllowList(webView.getSettings(), allowList);
}

Dependency required

To use this method, ensure you have AndroidX WebKit in your app’s build.gradle:

implementation 'androidx.webkit:webkit:1.14.0' // or newer; latest stable release can be found here: https://developer.android.com/jetpack/androidx/releases/webkit

If you encounter build errors when using androidx.webkit:webkit:1.14.0 (or newer), make sure your project is using Gradle 8.0 or higher, as earlier versions may not support the required build configuration or Java language features.

Why this matters

If this step is skipped:

Some requests from your app’s WebView might be rejected
Gamezop games may not load properly in edge cases
Debugging header issues becomes harder

By adding this line, you’re future-proofing your integration with us.

Last updated 1 day ago

Was this helpful?