HTTP headers | Access-Control-Allow-Headers.

The HTTP Access-Control-Allow-Headers header is a response-type header that is used to indicate the HTTP headers. It can be used during a request and is used in response to a CORS preflight request, that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, which includes the Access-Control-Request-Headers HTTP header.

Syntax:

Access-Control-Allow-Headers: <header-name>

Note:Multiple headers can be used.

Directives: This header accepts two directives described below:

• <header-name>: It specifies the supported request header. If there are multiple headers in use we separate them using commas.
• *(wildcard): It is used for requests without HTTP cookies or HTTP authentication information. It should be noted that the Authorization header cannot be wild-carded and needs explicit mentioning.

Examples:

Access-Control-Allow-Headers: Proxy-Authorization

Access-Control-Allow-Headers: Proxy-Authorization, Max-Forwards

To check the Access-Control-Allow-Headers header, go to Inspect Element -> Network. Check the response header like below Access-Control-Allow-Headers is highlighted

Supported Browsers: The browsers are compatible with HTTP Access-Control-Allow-Headers header are listed below:

• Google Chrome 4.0
• Internet Explorer 12.0
• Firefox 3.5
• Opera 12.0
• Safari 4.0

Note: *(wildcard) directive may not supported on Safari and Internet Explorer.