Skip to content
Related Articles
Get the best out of our app
GeeksforGeeks App
Open App
geeksforgeeks
Browser
Continue

Related Articles

HTTP headers | Access-Control-Allow-Headers.

Improve Article
Save Article
Like Article
author
harshcooldude700
proficient
32 published articles
Improve Article
Save Article
Like Article

The HTTP Access-Control-Allow-Headers header is a response-type header that is used to indicate the HTTP headers. It can be used during a request and is used in response to a CORS preflight request, that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, which includes the Access-Control-Request-Headers HTTP header.

Syntax:

Access-Control-Allow-Headers: <header-name>

Note:Multiple headers can be used.

Directives: This header accepts two directives described below:

  • <header-name>: It specifies the supported request header. If there are multiple headers in use we separate them using commas.
  • *(wildcard): It is used for requests without HTTP cookies or HTTP authentication information. It should be noted that the Authorization header cannot be wild-carded and needs explicit mentioning.

Examples:

  • When there is just one header
    Access-Control-Allow-Headers: Proxy-Authorization
  • When there are multiple headers
    Access-Control-Allow-Headers: Proxy-Authorization, Max-Forwards

    • To check the Access-Control-Allow-Headers header, go to Inspect Element -> Network. Check the response header like below Access-Control-Allow-Headers is highlighted

    Supported Browsers: The browsers are compatible with HTTP Access-Control-Allow-Headers header are listed below:

    • Google Chrome 4.0
    • Internet Explorer 12.0
    • Firefox 3.5
    • Opera 12.0
    • Safari 4.0

    Note: *(wildcard) directive may not supported on Safari and Internet Explorer.

    My Personal Notes arrow_drop_up
    Last Updated : 19 Nov, 2019
    Like Article
    Save Article
    Similar Reads
    1. HTTP headers | Access-Control-Allow-Credentials
    2. HTTP headers | Access-Control-Allow-Origin
    3. HTTP headers | Access-Control-Allow-Methods
    4. HTTP headers | Access-Control-Expose-Headers
    5. HTTP headers | Access-Control-Request-Headers
    6. HTTP headers | Allow
    7. HTTP headers | Timing-Allow-Origin
    8. HTTP headers | Access-Control-Max-Age
    9. HTTP headers | Access-Control-Request-Method
    10. No 'Access-Control-Allow-Origin' header is present on the requested resource Error, while Postman does not?
    Related Tutorials
    1. Spring MVC Tutorial
    2. Spring Boot Tutorial
    3. Java 8 Features - Complete Tutorial
    4. Onsen UI
    5. React Material UI
    Previous
    How to add HTTP headers 'X-Frame-Options' on iframe ?
    Next
    HTTP headers | Access-Control-Request-Headers
    Article Contributed By :
    https://media.geeksforgeeks.org/auth/avatar.png
    harshcooldude700
    harshcooldude700
    Vote for difficulty
    Current difficulty : Basic
    Article Tags :
    Report Issue
    We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
    Lightbox