Skip to content
Related Articles
Get the best out of our app
GeeksforGeeks App
Open App

Related Articles

HTTP headers | Access-Control-Allow-Headers.

Improve Article
Save Article
Like Article
Improve Article
Save Article
Like Article

The HTTP Access-Control-Allow-Headers header is a response-type header that is used to indicate the HTTP headers. It can be used during a request and is used in response to a CORS preflight request, that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, which includes the Access-Control-Request-Headers HTTP header.


Access-Control-Allow-Headers: <header-name>

Note:Multiple headers can be used.

Directives: This header accepts two directives described below:

  • <header-name>: It specifies the supported request header. If there are multiple headers in use we separate them using commas.
  • *(wildcard): It is used for requests without HTTP cookies or HTTP authentication information. It should be noted that the Authorization header cannot be wild-carded and needs explicit mentioning.


  • When there is just one header
    Access-Control-Allow-Headers: Proxy-Authorization
  • When there are multiple headers
    Access-Control-Allow-Headers: Proxy-Authorization, Max-Forwards
  • To check the Access-Control-Allow-Headers header, go to Inspect Element -> Network. Check the response header like below Access-Control-Allow-Headers is highlighted

    Supported Browsers: The browsers are compatible with HTTP Access-Control-Allow-Headers header are listed below:

    • Google Chrome 4.0
    • Internet Explorer 12.0
    • Firefox 3.5
    • Opera 12.0
    • Safari 4.0

    Note: *(wildcard) directive may not supported on Safari and Internet Explorer.

    My Personal Notes arrow_drop_up
    Last Updated : 19 Nov, 2019
    Like Article
    Save Article
    Similar Reads
    Related Tutorials