Please note, this is a STATIC archive of website developer.mozilla.org from 03 Nov 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.
Your Search Results

    Forbidden header name

    A forbidden header name is an HTTP header name that cannot be modified programmatically.

    These are forbidden, so the user agent retains full control over them. Names starting with `Sec-` are reserved for creating new headers safe from APIs using Fetch that grant developers control over headers, such as XMLHttpRequest.

    Forbidden headers names start with Proxy- or Sec-, or consists of one of these:

    • Accept-Charset
    • Accept-Encoding
    • Access-Control-Request-Headers
    • Access-Control-Request-Method
    • Connection
    • Content-Length
    • Cookie
    • Cookie2
    • Date
    • DNT
    • Expect
    • Host
    • Keep-Alive
    • Origin
    • Proxy-
    • Sec-
    • Referer
    • TE
    • Trailer
    • Transfer-Encoding
    • Upgrade
    • Via

    Note: The User-Agent header is no longer forbidden, as per spec — see forbidden header name list (this was implemented in Firefox 43,) so can now be set in a Fetch Headers object, via XHR setRequestHeader(), etc.

    Document Tags and Contributors

    Tags: 
     Contributors to this page: fscholz, chrisdavidmills, Andrew_Pfeiffer, kscarfone
     Last updated by: fscholz,