Access-Control-Request-Headers

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

The HTTP Access-Control-Request-Headers request header is used by browsers when issuing a preflight request to let the server know which HTTP headers the client might send when the actual request is made (such as with fetch() or XMLHttpRequest.setRequestHeader()). The complementary server-side header of Access-Control-Allow-Headers will answer this browser-side header.

Header type Request header
Forbidden header name Yes

Syntax

http
Access-Control-Request-Headers: <header-name>,<header-name>,…

Directives

<header-name>

A sorted list of unique, comma-separated, lowercase HTTP headers that are included in the request.

Examples

http
Access-Control-Request-Headers: content-type,x-pingother

Specifications

Specification
Fetch Standard
# http-access-control-request-headers

Browser compatibility

BCD tables only load in the browser

See also