Bird
Raised Fist0
Postmantesting~15 mins

Header assertions in Postman - Build an Automation Script

Choose your learning style10 modes available
LearnWhyDeepTraceTryChallengeAutomateRecallFrame

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Verify response headers for a GET request
Preconditions (2)
Step 1: Send a GET request to https://jsonplaceholder.typicode.com/posts/1
Step 2: Check the response headers for 'Content-Type'
Step 3: Check the response headers for 'Cache-Control'
Step 4: Check the response headers for 'Content-Encoding'
✅ Expected Result: The response headers contain 'Content-Type' with value 'application/json; charset=utf-8', 'Cache-Control' with a non-empty value, and 'Content-Encoding' header is present
Automation Requirements - Postman Tests (JavaScript)
Assertions Needed:
Assert 'Content-Type' header equals 'application/json; charset=utf-8'
Assert 'Cache-Control' header is present and not empty
Assert 'Content-Encoding' header is present
Best Practices:
Use pm.response.headers.get() to access headers
Use strict equality for header value assertions
Write clear and descriptive assertion messages
Automated Solution
Postman
pm.test('Content-Type header is application/json; charset=utf-8', () => {
    const contentType = pm.response.headers.get('Content-Type');
    pm.expect(contentType).to.eql('application/json; charset=utf-8');
});

pm.test('Cache-Control header is present and not empty', () => {
    const cacheControl = pm.response.headers.get('Cache-Control');
    pm.expect(cacheControl).to.be.a('string').and.not.empty;
});

pm.test('Content-Encoding header is present', () => {
    const contentEncoding = pm.response.headers.get('Content-Encoding');
    pm.expect(contentEncoding).to.not.be.undefined;
});

This test script uses Postman’s built-in pm object to access response headers and make assertions.

First, it checks that the Content-Type header exactly matches the expected string using pm.expect().to.eql().

Next, it verifies that the Cache-Control header exists and is not empty by checking its type and length.

Finally, it confirms the presence of the Content-Encoding header by asserting it is not undefined.

Each test has a clear name describing what it checks, making it easy to understand test results.

Common Mistakes - 3 Pitfalls
{'mistake': "Using pm.response.headers['Content-Type'] instead of pm.response.headers.get('Content-Type')", 'why_bad': 'pm.response.headers is not a plain object, so direct property access returns undefined.', 'correct_approach': "Use pm.response.headers.get('Header-Name') to reliably get header values."}
Using loose equality (==) instead of strict equality (=== or .eql()) for header value checks
Not checking if header exists before asserting its value
Bonus Challenge

Now add tests to verify headers for three different API endpoints with different expected header values.

Show Hint

Practice

(1/5)
1. What does the Postman assertion pm.response.to.have.header('Content-Type') check for?
easy
A. It checks if the response body contains the text 'Content-Type'.
B. It checks if the response includes a header named 'Content-Type'.
C. It verifies the status code of the response is 200.
D. It checks if the request has a header named 'Content-Type'.

Solution

  1. Step 1: Understand the assertion method

    The method pm.response.to.have.header() is used to check response headers.

  2. Step 2: Identify what is being checked

    The argument 'Content-Type' specifies the header name to look for in the response.

  3. Final Answer:

    It checks if the response includes a header named 'Content-Type'. -> Option B

  4. Quick Check:

    Header presence check = It checks if the response includes a header named 'Content-Type'. [OK]
Hint: Look for 'response.to.have.header' to check response headers [OK]
Common Mistakes:
  • Confusing response headers with response body content
  • Checking request headers instead of response headers
  • Assuming it checks status codes
2. Which of the following is the correct syntax to assert that the response header 'Cache-Control' has the value 'no-cache' in Postman?
easy
A. pm.expect(pm.response.headers.get('Cache-Control')).to.eql('no-cache');
B. pm.response.to.have.header('Cache-Control', 'no-cache');
C. pm.expect(response.headers['Cache-Control']).to.equal('no-cache');
D. pm.response.headers('Cache-Control').equals('no-cache');

Solution

  1. Step 1: Recall correct Postman syntax for header value assertion

    Use pm.expect(pm.response.headers.get('Header-Name')).to.eql('value') to check header value.

  2. Step 2: Check each option's syntax

    pm.expect(pm.response.headers.get('Cache-Control')).to.eql('no-cache'); uses correct method headers.get() and assertion to.eql(). Others have syntax errors or incorrect usage.

  3. Final Answer:

    pm.expect(pm.response.headers.get('Cache-Control')).to.eql('no-cache'); -> Option A

  4. Quick Check:

    Use headers.get() with pm.expect() [OK]
Hint: Use headers.get('name') inside pm.expect() for header value checks [OK]
Common Mistakes:
  • Using incorrect method like headers('name')
  • Trying to pass two arguments to to.have.header()
  • Using response.headers as an object without get()
3. Given this Postman test snippet:
pm.test('Check Server header', () => {
  pm.expect(pm.response.headers.get('Server')).to.equal('nginx');
});

What will happen if the response header 'Server' is 'Apache'?
medium
A. The test will be skipped automatically.
B. The test will pass because the header exists.
C. The test will throw a syntax error.
D. The test will fail because the header value is not 'nginx'.

Solution

  1. Step 1: Understand the assertion

    The test expects the 'Server' header value to be exactly 'nginx'.

  2. Step 2: Compare actual header value

    The actual header value is 'Apache', which does not match 'nginx', so assertion fails.

  3. Final Answer:

    The test will fail because the header value is not 'nginx'. -> Option D

  4. Quick Check:

    Value mismatch causes failure [OK]
Hint: Exact value mismatch causes test failure [OK]
Common Mistakes:
  • Assuming header presence is enough to pass
  • Thinking syntax error occurs on value mismatch
  • Believing test skips on assertion failure
4. You wrote this Postman test:
pm.test('Check Content-Length', () => {
  pm.expect(pm.response.headers.get('Content-Length')).to.be('1234');
});

Why does this test fail to run correctly?
medium
A. Because the value '1234' is a number and should not be in quotes.
B. Because 'Content-Length' header does not exist in the response.
C. Because to.be is not a valid assertion method; it should be to.equal or to.eql.
D. Because pm.response.headers.get returns an array, not a string.

Solution

  1. Step 1: Check assertion method correctness

    The method to.be is not a valid Chai assertion method for value equality in Postman.

  2. Step 2: Identify correct assertion method

    Use to.equal or to.eql to compare values correctly.

  3. Final Answer:

    Because to.be is not a valid assertion method; it should be to.equal or to.eql. -> Option C

  4. Quick Check:

    Use to.equal() for value assertions [OK]
Hint: Use to.equal() or to.eql() for value checks, not to.be [OK]
Common Mistakes:
  • Using to.be() instead of to.equal()
  • Assuming header value is numeric without quotes
  • Thinking headers.get() returns array
5. You want to write a Postman test to verify that the response has a header named 'X-Rate-Limit' and its value is a number greater than 1000. Which code snippet correctly achieves this?
hard
A. pm.test('X-Rate-Limit check', () => { const val = Number(pm.response.headers.get('X-Rate-Limit')); pm.expect(val).to.be.above(1000); });
B. pm.test('X-Rate-Limit check', () => { pm.expect(pm.response.headers.get('X-Rate-Limit')).to.be.greaterThan(1000); });
C. pm.test('X-Rate-Limit check', () => { pm.expect(pm.response.headers.has('X-Rate-Limit')).to.equal(true); pm.expect(pm.response.headers.get('X-Rate-Limit') > 1000).to.be.true; });
D. pm.test('X-Rate-Limit check', () => { pm.expect(parseInt(pm.response.headers.get('X-Rate-Limit'))).to.be.greaterThan(1000); });

Solution

  1. Step 1: Extract and convert header value to number

    Use Number() to convert the header string value to a number for comparison.

  2. Step 2: Use correct assertion for numeric comparison

    Use pm.expect(val).to.be.above(1000) to check if the number is greater than 1000.

  3. Final Answer:

    pm.test('X-Rate-Limit check', () => { const val = Number(pm.response.headers.get('X-Rate-Limit')); pm.expect(val).to.be.above(1000); }); -> Option A

  4. Quick Check:

    Convert header to number, then assert with to.be.above() [OK]
Hint: Convert header string to number before numeric assertions [OK]
Common Mistakes:
  • Using to.be.greaterThan() which is not a valid Chai method
  • Not converting header value to number before comparison
  • Trying to compare header string directly to number