Revision 1132029 of Simple response header

Revision slug: Glossary/Simple_response_header
Revision title: Simple response header
Revision id: 1132029
Created: Oct 19, 2016, 6:54:46 AM
Creator: teoli
Is current revision? Yes
Comment

Tags:

CORS
HTTP

Revision Content

A simple response header (or a CORS-safelisted response header) is an HTTP header that is one of the following:

{{HTTPHeader("Cache-Control")}}
{{HTTPHeader("Content-Language")}}
{{HTTPHeader("Content-Type")}}
{{HTTPHeader("Expires")}}
{{HTTPHeader("Last-Modified")}}
{{HTTPHeader("Pragma")}}

These headers will not be filtered when the response is filtered by CORS, they are considered as safe (as the headers listed in {{HTTPHeader("Access-Control-Expose-Headers")}}.

Examples

Extending the safelist

You can extend the list of CORS-safelisted response headers by using the {{HTTPHeader("Access-Control-Expose-Headers")}} header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length

Learn more

HTTP
HTTP headers
{{HTTPHeader("Access-Control-Expose-Headers")}}
{{Glossary("CORS")}}
{{Glossary("Simple header")}}
{{Glossary("Forbidden header name")}}
{{Glossary("Request header")}}

Revision Source

<p>A <em><dfn>simple response header</dfn></em> (or a <em>CORS-safelisted response header</em>) is an <a href="/en-US/docs/Web/HTTP/Headers">HTTP header</a> that is one of the following:</p>

<ul>
 <li>{{HTTPHeader("Cache-Control")}}</li>
 <li>{{HTTPHeader("Content-Language")}}</li>
 <li>{{HTTPHeader("Content-Type")}}</li>
 <li>{{HTTPHeader("Expires")}}</li>
 <li>{{HTTPHeader("Last-Modified")}}</li>
 <li>{{HTTPHeader("Pragma")}}</li>
</ul>

<p>These headers will not be filtered when the response is filtered by CORS, they are considered as <em>safe</em> (as the headers listed in {{HTTPHeader("Access-Control-Expose-Headers")}}.</p>

<h2 id="Examples">Examples</h2>

<h3 id="Extending_the_safelist">Extending the safelist</h3>

<p>You can extend the list of CORS-safelisted response headers by using the {{HTTPHeader("Access-Control-Expose-Headers")}} header:</p>

<pre>
Access-Control-Expose-Headers: X-Custom-Header, Content-Length</pre>

<h2 id="Learn_more">Learn more</h2>

<ul>
 <li><a href="/en-US/docs/Web/HTTP">HTTP</a></li>
 <li><a href="/en-US/docs/Web/HTTP/Headers">HTTP headers</a></li>
 <li>{{HTTPHeader("Access-Control-Expose-Headers")}}</li>
 <li>{{Glossary("CORS")}}</li>
 <li>{{Glossary("Simple header")}}</li>
 <li>{{Glossary("Forbidden header name")}}</li>
 <li>{{Glossary("Request header")}}</li>
</ul>

Revert to this revision