HTTP headers | Access-Control-Allow-Headers.

The HTTP Access-Control-Allow-Headers header is a response-type header that is used to indicate the HTTP headers. It can be used during a request and is used in response to a CORS preflight request, that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, which includes the Access-Control-Request-Headers HTTP header.


Access-Control-Allow-Headers: <header-name>

Note:Multiple headers can be used.

Directives: This header accepts two directives described below:

  • <header-name>: It specifies the supported request header. If there are multiple headers in use we separate them using commas.
  • *(wildcard): It is used for requests without HTTP cookies or HTTP authentication information. It should be noted that the Authorization header cannot be wild-carded and needs explicit mentioning.


  • When there is just one header
    Access-Control-Allow-Headers: Proxy-Authorization
  • When there are multiple headers
    Access-Control-Allow-Headers: Proxy-Authorization, Max-Forwards
  • To check the Access-Control-Allow-Headers header, go to Inspect Element -> Network. Check the response header like below Access-Control-Allow-Headers is highlighted

    Supported Browsers: The browsers are compatible with HTTP Access-Control-Allow-Headers header are listed below:

    • Google Chrome 4.0
    • Internet Explorer 12.0
    • Firefox 3.5
    • Opera 12.0
    • Safari 4.0

    Note: *(wildcard) directive may not supported on Safari and Internet Explorer.

    My Personal Notes arrow_drop_up

    Check out this Author's contributed articles.

    If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

    Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.

    Article Tags :

    Be the First to upvote.

    Please write to us at to report any issue with the above content.