Access-Control-Request-Headers
{{HTTPSidebar}}
The HTTP Access-Control-Request-Headers {{Glossary("request header")}} is used by browsers when issuing a {{glossary("preflight request")}} to let the server know which HTTP headers the client might send when the actual request is made (such as with {{domxref("Window/fetch", "fetch()")}} or {{domxref("XMLHttpRequest.setRequestHeader()")}} ). The complementary server-side header of {{HTTPHeader("Access-Control-Allow-Headers")}} will answer this browser-side header.
| Header type | `{{Glossary("Request header")}}` |
|---|---|
| `{{Glossary("Forbidden header name")}}` | Yes |
Syntax
Access-Control-Request-Headers: <header-name>,<header-name>,…
Directives
<header-name>- : A sorted list of unique, comma-separated, lowercase HTTP headers that are included in the request.
Examples
Access-Control-Request-Headers: content-type,x-pingother
Specifications
{{Specifications}}
Browser compatibility
{{Compat}}
See also
{{HTTPHeader("Access-Control-Request-Method")}}