Our volunteers haven't translated this article into Bahasa Indonesia yet. Join us and help get the job done!
You can also read the article in English (US).

The Access-Control-Allow-Headers response header is used in response to a preflight request to indicate which HTTP headers can be used during the actual request.

The simple headers, Accept, Accept-Language, Content-Language, Content-Type (but only with a MIME type of its parsed value (ignoring parameters) of either application/x-www-form-urlencoded, multipart/form-data, or text/plain), are always available and don't need to be listed by this header.

This header is required if the request has an Access-Control-Request-Headers header.

Header type Response header
Forbidden header name no

Syntax

Access-Control-Allow-Headers: <header-name>, <header-name>, ...

Directives

<header-name>
Comma-delimited list of the supported request headers.

Examples

Access-Control-Allow-Headers: X-Custom-Header

Specifications

Specification Status Comment
Fetch
The definition of 'Access-Control-Allow-Headers' in that specification.
Living Standard Initial definition.

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support4123.510124
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support2.1 Yes Yes4123.2 Yes

Compatibility notes

See also

Tag Dokumen dan Kontributor

Kontributor untuk laman ini: mfuji09, othree, smaximov, fscholz, teoli
Terakhir diperbarui oleh: mfuji09,