1. Web
  2. HTTP
  3. Reference
  4. Headers
  5. Access-Control-Request-Headers

Access-Control-Request-Headers header

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since ⁨July 2015⁩.

The HTTP Access-Control-Request-Headers request header is used by browsers when issuing a preflight request to let the server know which HTTP headers the client might send when the actual request is made (such as with fetch() or XMLHttpRequest.setRequestHeader()). The complementary server-side header of Access-Control-Allow-Headers will answer this browser-side header.

Header type Request header
Forbidden request header Yes

Syntax

http
Access-Control-Request-Headers: <header-name>,<header-name>,…

Directives

<header-name>

A sorted list of unique, comma-separated, lowercase HTTP headers that are included in the request.

Examples

http
Access-Control-Request-Headers: content-type,x-pingother

Specifications

Specification
Fetch
# http-access-control-request-headers

Browser compatibility

See also

Help improve MDN

Learn how to contribute

This page was last modified on by MDN contributors.

View this page on GitHubReport a problem with this content