Simple response header

A simple response header (or a CORS-safelisted response header) is an HTTP header that is one of the following:

Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma

These headers will not be filtered when the response is filtered by CORS, they are considered as safe (as the headers listed in Access-Control-Expose-Headers.

Examples

Extending the safelist

You can extend the list of CORS-safelisted response headers by using the Access-Control-Expose-Headers header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length

Learn more

HTTP
HTTP headers
Access-Control-Expose-Headers
CORS
Simple header
Forbidden header name
Request header

Document Tags and Contributors

Tags:

CORS
HTTP

Contributors to this page: teoli, fscholz

Last updated by: teoli, Oct 19, 2016, 6:54:46 AM