The Access-Control-Request-Headers request header is used by browsers when issuing a preflight request, to let the server know which HTTP headers the client might send when the actual request is made (such as with setRequestHeader()). This browser side header will be answered by the complementary server side header of Access-Control-Allow-Headers.
| Header type | Request header |
|---|---|
| Forbidden header name | yes |
Syntax
Access-Control-Request-Headers: <header-name>, <header-name>, ...
Directives
- <header-name>
- A comma-delimited list of HTTP headers that are included in the request.
Examples
Access-Control-Request-Headers: X-PINGOTHER, Content-Type
Specifications
| Specification | Status | Comment |
|---|---|---|
| Fetch The definition of 'Access-Control-Request-Headers' in that specification. |
Living Standard | Initial definition. |
Browser compatibility
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Access-Control-Request-Headers | Chrome Full support 4 | Edge Full support 12 | Firefox Full support 3.5 | IE Full support 10 | Opera Full support 12 | Safari Full support 4 | WebView Android Full support 2 | Chrome Android Full support Yes | Firefox Android Full support 4 | Opera Android Full support 12 | Safari iOS Full support 3.2 | Samsung Internet Android Full support Yes |
Legend
- Full support
- Full support