NextRequest and NextResponse in Next.js — Managing Cookies, Headers, Redirects, and Rewrites

Next.js extends the native Web Request and Response APIs with NextRequest and NextResponse, offering powerful tools for managing cookies, headers, redirects, rewrites, and JSON responses. These utilities simplify server-side logic and improve control over routing, personalization, and security. This guide walks through their capabilities with practical examples and best practices.


~2 min read • Updated Nov 1, 2025

1. What Is NextRequest?


NextRequest extends the Web Request API with Next.js-specific methods for reading and mutating cookies and accessing enhanced URL properties.


Cookie Methods:

  • set(name, value): Set a cookie on the request
  • get(name): Get a cookie value
  • getAll(name?): Get all cookies or all with a specific name
  • delete(name): Remove a cookie
  • has(name): Check if a cookie exists
  • clear(): Remove all cookies from the request

URL Properties:

  • nextUrl.pathname: Get the request path
  • nextUrl.searchParams: Access query parameters
  • basePath, buildId: App-specific metadata

2. What Is NextResponse?


NextResponse extends the Web Response API with methods for setting cookies, returning JSON, redirecting, rewriting, and forwarding headers.


Cookie Methods:

  • set(name, value): Set a cookie on the response
  • get(name): Get a cookie value
  • getAll(name?): Get all cookies or all with a specific name
  • delete(name): Remove a cookie

Response Utilities:

  • json(data, options): Return a JSON response
  • redirect(url): Redirect to another URL
  • rewrite(url): Proxy a request while preserving the original URL
  • next(): Continue routing (useful for middleware and proxies)

3. Forwarding Headers Safely


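When using NextResponse.next() to forward headers upstream, avoid copying every incoming header. Instead, forward only headers that are safe for the upstream to see, ideally from an allow-list. The snippet below filters by exclusion, dropping custom x-* headers, authorization, and cookie and forwarding the rest:

// Inside a middleware or proxy function that receives `request` (a NextRequest)
const incoming = new Headers(request.headers)
const forwarded = new Headers()

for (const [name, value] of incoming) {
  const headerName = name.toLowerCase()
  // Skip custom x-* headers and credential-bearing headers
  if (
    !headerName.startsWith('x-') &&
    headerName !== 'authorization' &&
    headerName !== 'cookie'
  ) {
    forwarded.set(name, value)
  }
}

// `request.headers` here replaces the headers the upstream handler receives
return NextResponse.next({ request: { headers: forwarded } })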
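
The section recommends an allow-list, so here is an added example (not from the original article) that implements one and runs it next to the exclusion filter on the same constructed headers, showing what each lets through. The names pickForwardedHeaders, excludeSensitiveHeaders and ALLOWED_REQUEST_HEADERS, and the contents of the list, are assumptions for illustration.

```javascript
// Added example, not from the original article. Names and the header list
// are assumptions; adjust the list to what your upstream actually needs.
const ALLOWED_REQUEST_HEADERS = new Set([
  'accept',
  'accept-language',
  'content-type',
  'user-agent',
])

// Allow-list: keep only headers that are explicitly named.
function pickForwardedHeaders(incoming, allowed = ALLOWED_REQUEST_HEADERS) {
  const forwarded = new Headers()
  for (const [name, value] of incoming) {
    if (allowed.has(name.toLowerCase())) forwarded.set(name, value)
  }
  return forwarded
}

// The exclusion filter from the article, kept here for comparison.
function excludeSensitiveHeaders(incoming) {
  const forwarded = new Headers()
  for (const [name, value] of incoming) {
    const headerName = name.toLowerCase()
    if (
      !headerName.startsWith('x-') &&
      headerName !== 'authorization' &&
      headerName !== 'cookie'
    ) {
      forwarded.set(name, value)
    }
  }
  return forwarded
}

// Constructed sample of incoming request headers.
const sampleIncoming = new Headers({
  accept: 'text/html',
  'user-agent': 'ExampleBrowser/1.0',
  authorization: 'Bearer constructed-token',
  cookie: 'session=constructed',
  'x-internal-user': 'constructed',
  'proxy-authorization': 'Basic constructed',
  forwarded: 'for=203.0.113.7',
})

const headerNames = (headers) => [...headers.keys()]
console.log('exclusion filter forwards:', headerNames(excludeSensitiveHeaders(sampleIncoming)))
console.log('allow-list forwards:', headerNames(pickForwardedHeaders(sampleIncoming)))
// In middleware: NextResponse.next({ request: { headers: pickForwardedHeaders(request.headers) } })
```

The exclusion filter still forwards proxy-authorization and forwarded because nothing names them, while the allow-list forwards only accept and user-agent.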

4. Redirecting with Context


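You can add context to the redirect URL before calling NextResponse.redirect(), for example the path the user originally requested, taken from request.nextUrl.pathname. The page that later reads the from parameter should treat it as untrusted input and redirect only to same-origin paths. The redirect itself looks like this: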

const loginUrl = new URL('/login', request.url)
loginUrl.searchParams.set('from', request.nextUrl.pathname)
return NextResponse.redirect(loginUrl)

5. Rewriting Requests


Use NextResponse.rewrite() to proxy a request while keeping the original URL visible in the browser:

return NextResponse.rewrite(new URL('/proxy', request.url))

Conclusion


NextRequest and NextResponse give you fine-grained control over cookies, headers, routing, and response behavior in Next.js. Use them to personalize user experiences, secure data flow, and optimize server-side logic.


Written & researched by Dr. Shahin Siami