Open In App

HTTP headers | Access-Control-Request-Headers

Last Updated : 27 Feb, 2020
Improve
Improve
Like Article
Like
Save
Share
Report

Access-Control-Request-Headers is a request-type header used by browsers that contains information about the different HTTP headers that will be sent by the client in the ensuing request. Whenever a client initiates a request to a server, the browser checks if the request needs a CORS preflight or not. In case a CORS preflight request is required, the browser uses the HTTP Options method to send a request with a bunch of headers attached with it containing information about certain characteristics of the ensuing request. One of these characteristics is the different headers that the request might contain. This information is stored in the Access-Control-Request-Headers header of the preflight request.

Syntax:

Access-Control-Request-Headers: header-name-1, header-name-2, ...

Directives: The Access-Control-Request-Headers header accepts a single directive as mentioned above and described below:

  • header-name: A comma-separated list of header names that will be attached to the ensuing request.

Below example illustrate the Access-Control-Request-Headers in http headers.
Example: Consider the following code to send a XHR request from the browser.

const xhr = new XMLHttpRequest();

xhr.open('POST', 'https://samplepostroute/');
xhr.setRequestHeader('X-PINGOTHER', 'pingpong');
xhr.setRequestHeader('Content-Type',
           'application/x-www-form-urlencoded');
xhr.onreadystatechange = handler;

xhr.send("id=100");

The request will contain Content-Type and X-PINGOTHER HTTP headers. Before sending the POST request, the browser will send a CORS preflight request. The CORS preflight request will contain the following header. In this manner, the server is informed about the different headers which might be present in the ensuing client request.

Access-Control-Request-Headers: X-PINGOTHER, Content-Type

Supported Browsers: The following browsers are compatible with the Access-Control-Request-Headers header functionality:

  • Google Chrome 4.0
  • Firefox Browser 3.5
  • Internet Explorer 10.0
  • Opera 12.0
  • Safari 4.0

Like Article
Suggest improvement
Previous
HTTP headers | Range
Next
HTTP headers | Keep-Alive
Share your thoughts in the comments

Similar Reads

HTTP headers | Access-Control-Request-Method
HTTP headers | Access-Control-Expose-Headers
HTTP headers | Access-Control-Allow-Headers.
HTTP headers | Access-Control-Allow-Credentials
HTTP headers | Access-Control-Allow-Origin
HTTP headers | Access-Control-Max-Age
HTTP headers | Access-Control-Allow-Methods
HTTP Request vs HapiJS Request in Node.js
Will the 'error' event ever be emitted on 'http.IncomingMessage' in a node.js http.request ?
HTTP headers | X-DNS-Prefetch-Control

C
codzilla
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox