The HTTP Access-Control-Expose-Headers header is a response header that is used to expose the headers that have been mentioned in it. By default 6 response headers are already exposed which are known as CORS-safelisted response headers. They are namely- Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma.
Note: Multiple headers can be used.
- <header-name>: It specifies the header that needs to be exposed other than the safe listed headers specified by CORS. If there are multiple headers in use we separate them using commas.
- *(wildcard): It is used for requests without HTTP cookies or HTTP authentication information. It should be noted that the Authorization header cannot be wildcarded and needs explicit mentioning.
- In this example, the Accept-Language HTTP header is exposed. It can be noted that it is a non-CORS safe listed header.
- In this example, the Authorization HTTP header was needed to be mentioned explicitly as it can’t be wild-carded normally.
Access-Control-Expose-Headers: *, Authorization
Supported Browsers: The browsers are compatible with HTTP header Access-Control-Expose-Headers are listed below:
- Google Chrome 4.0
- Internet Explorer 12.0
- Opera 12.0
- Firefox 3.5
- Safari 4.0
Note: *(wildcard) directive may not supported on Safari and Internet Explorer.
- HTTP headers | Access-Control-Allow-Headers.
- HTTP headers | Access-Control-Request-Headers
- HTTP headers | Location
- HTTP headers | User-Agent
- HTTP headers | Link
- HTTP headers | Save-Data
- HTTP headers | Content-Type
- HTTP headers | X-Forwarded-Proto
- HTTP headers | X-XSS-Protection
- HTTP headers | X-Frame-Options
- HTTP headers | Last-Modified
- HTTP headers | Date
- HTTP headers | Cookie
- HTTP headers | Strict-Transport-Security
- HTTP headers | Expect
- HTTP headers | Accept-Encoding
- HTTP headers | Proxy-Authenticate
- HTTP headers | Content-Range
- HTTP headers | Content-Encoding
- HTTP headers | Content-Language
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.