Simple response header

A simple response header (or a CORS-safelisted response header) is an HTTP header that is one of the following:

These headers will not be filtered when the response is filtered by CORS, they are considered as safe (as the headers listed in Access-Control-Expose-Headers.


Extending the safelist

You can extend the list of CORS-safelisted response headers by using the Access-Control-Expose-Headers header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length

Learn more

Document Tags and Contributors

 Contributors to this page: teoli, fscholz
 Last updated by: teoli,