XMLHttpRequest: setRequestHeader() method
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
Note: This feature is available in Web Workers, except for Service Workers.
The XMLHttpRequest
method setRequestHeader()
sets the value of an HTTP request header.
When using setRequestHeader()
, you must call it after calling open()
, but before calling send()
.
If this method is called several times with the same header, the values are merged into one single request header.
Each time you call setRequestHeader()
after the first time you call it, the specified text is appended to the end of the existing header's content.
If no Accept
header has been set using this, an Accept
header with the type "*/*"
is sent with the request when send()
is called.
For security reasons, there are several forbidden header names whose values are controlled by the user agent. Any attempt to set a value for one of those headers from frontend JavaScript code will be ignored without warning or error.
In addition, the Authorization
HTTP header may be added to a request, but will be removed if the request is redirected cross-origin.
Note: For your custom fields, you may encounter a "not allowed by Access-Control-Allow-Headers in preflight response" exception when you send requests across domains.
In this situation, you need to set up the Access-Control-Allow-Headers
in your response header at server side.
Syntax
setRequestHeader(header, value)
Parameters
Return value
None (undefined
).
Specifications
Specification |
---|
XMLHttpRequest Standard # the-setrequestheader()-method |
Browser compatibility
BCD tables only load in the browser