The Access-Control-Request-Headers request header is used by browsers when issuing a preflight request, to let the server know which HTTP headers the client might send when the actual request is made (such as with setRequestHeader()). This browser side header will be answered by the complementary server side header of Access-Control-Allow-Headers.

Header type Request header
Forbidden header name yes


Access-Control-Request-Headers: <header-name>, <header-name>, ...


A comma-delimited list of HTTP headers that are included in the request.


Access-Control-Request-Headers: X-PINGOTHER, Content-Type


Specification Status Comment
The definition of 'Access-Control-Request-Headers' in that specification.
Living Standard Initial definition.

Browser compatibility

Update compatibility data on GitHub
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Access-Control-Request-HeadersChrome Full support 4Edge Full support 12Firefox Full support 3.5IE Full support 10Opera Full support 12Safari Full support 4WebView Android Full support 2Chrome Android Full support YesFirefox Android Full support 4Opera Android Full support 12Safari iOS Full support 3.2Samsung Internet Android Full support Yes


Full support  
Full support

See also