The HTTP Access-Control-Allow-Headers header is a response-type header that is used to indicate the HTTP headers. It can be used during a request and is used in response to a CORS preflight request, that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, which includes the Access-Control-Request-Headers HTTP header.
Note:Multiple headers can be used.
Directives: This header accepts two directives described below:
- <header-name>: It specifies the supported request header. If there are multiple headers in use we separate them using commas.
- *(wildcard): It is used for requests without HTTP cookies or HTTP authentication information. It should be noted that the Authorization header cannot be wild-carded and needs explicit mentioning.
Access-Control-Allow-Headers: Proxy-Authorization, Max-Forwards
To check the Access-Control-Allow-Headers header, go to Inspect Element -> Network. Check the response header like below Access-Control-Allow-Headers is highlighted
Supported Browsers: The browsers are compatible with HTTP Access-Control-Allow-Headers header are listed below:
- Google Chrome 4.0
- Internet Explorer 12.0
- Firefox 3.5
- Opera 12.0
- Safari 4.0
Note: *(wildcard) directive may not supported on Safari and Internet Explorer.
- HTTP headers | Access-Control-Expose-Headers
- HTTP headers | Age
- HTTP headers | Via
- HTTP headers | Allow
- HTTP headers
- HTTP Headers | TE
- HTTP headers | Want-Digest
- HTTP headers | Last-Modified
- HTTP headers | Expect
- HTTP headers | Cookie
- HTTP headers | Date
- HTTP headers | Range
- HTTP headers | Set-Cookie
- HTTP headers | Retry-After
- HTTP headers | Digest
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.