Access-Control-Request-Headers
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
The HTTP Access-Control-Request-Headers
request header is used by browsers when issuing a preflight request to let the server know which HTTP headers the client might send when the actual request is made (such as with fetch()
or XMLHttpRequest.setRequestHeader()
). The complementary server-side header of Access-Control-Allow-Headers
will answer this browser-side header.
Header type | Request header |
---|---|
Forbidden header name | Yes |
Syntax
http
Access-Control-Request-Headers: <header-name>,<header-name>,…
Directives
<header-name>
-
A sorted list of unique, comma-separated, lowercase HTTP headers that are included in the request.
Examples
http
Access-Control-Request-Headers: content-type,x-pingother
Specifications
Specification |
---|
Fetch Standard # http-access-control-request-headers |
Browser compatibility
BCD tables only load in the browser