Our volunteers haven't translated this article into 한국어 yet. Join us and help get the job done!
You can also read the article in English (US).

The Access-Control-Allow-Headers response header is used in response to a preflight request to indicate which HTTP headers can be used during the actual request.

The simple headers, Accept, Accept-Language, Content-Language, Content-Type (but only with a MIME type of its parsed value (ignoring parameters) of either application/x-www-form-urlencoded, multipart/form-data, or text/plain), are always available and don't need to be listed by this header.

This header is required if the request has an Access-Control-Request-Headers header.

Header type Response header
Forbidden header name no

Syntax

Access-Control-Allow-Headers: <header-name>, <header-name>, ...

Directives

<header-name>
Comma-delimited list of the supported request headers.

Examples

Access-Control-Allow-Headers: X-Custom-Header

Specifications

Specification Status Comment
Fetch
The definition of 'Access-Control-Allow-Headers' in that specification.
Living Standard Initial definition.

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support4123.510124
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support2.1 Yes Yes4123.2 Yes

Compatibility notes

See also

문서 태그 및 공헌자

 이 페이지의 공헌자: mfuji09, othree, smaximov, fscholz, teoli
 최종 변경: mfuji09,