MDN wants to learn about developers like you:

The XMLHttpRequest.setRequestHeader() method sets the value of an HTTP request header. You must call setRequestHeader()after open(), but before send(). If this method is called several times with the same header, the values are merged into one single request header.

If no Accept header has been set using this, an Accept header with the */* is sent with the request when send() is called.

For security reasons, some headers can only be controlled by the user agent. These headers include the forbidden header names  and forbidden response header names.

For your custom fields, you may encounter "not allowed by Access-Control-Allow-Headers in preflight response" exception when you send request to cross domain. In this situation, you need set "Access-Control-Allow-Headers" in your response header at server side.


XMLHttpRequest.setRequestHeader(header, value)


The name of the header whose value is to be set.
The value to set as the body of the header.


Specification Status Comment
The definition of 'setRequestHeader()' in that specification.
Living Standard WHATWG living standard

Browser compatibility

Feature Chrome Edge Firefox (Gecko) Internet Explorer Opera Safari (WebKit)
Basic support 1 (Yes) ? 5[1]
(Yes) 1.2
Feature Android Chrome for Android Edge Firefox Mobile (Gecko) IE Mobile Opera Mobile Safari Mobile
Basic support ? 1.0 (Yes) (Yes) ? ? ?

[1] This feature was implemented via ActiveXObject(). Internet Explorer implements the standard XMLHttpRequest since version 7.

See also

Using XMLHttpRequest

Document Tags and Contributors

 Contributors to this page: martin-martin, userGitHub34535, Makyen, erikadoyle, KeZhang, teoli, MashKao, jsx
 Last updated by: martin-martin,