A CORS-safelisted request header is one of the following HTTP headers:

- Accept
- Accept-Language
- Content-Language
- Content-Type

When containing only these headers (and values that meet the additional requirements laid out below), a request doesn't need to send a preflight request in the context of CORS.

You can safelist more headers using the Access-Control-Allow-Headers header and also list the above headers there to circumvent the following additional restrictions.

Additional restrictions

CORS-safelisted headers must also fulfill the following requirements in order to be a CORS-safelisted request header:

- For Accept-Language and Content-Language: can only have values consisting of 0-9, A-Z, a-z, space or *,-.;=
- For Accept and Content-Type: can't contain a CORS-unsafe request header byte: "():<>?@[\]{}, Delete, Tab and control characters: 0x00 to 0x19.
- For Content-Type: needs to have a MIME type of its parsed value (ignoring parameters) of either application/x-www-form-urlencoded, multipart/form-data, or text/plain.
- For any header: the value's length can't be greater than 128.

Learn more

- CORS-safelisted response header
- Forbidden header name
- Request header

Credits

Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header
Published under license Open CC Attribution ShareAlike 3.0
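
The restrictions listed above can be checked mechanically, for example when reviewing which cross-origin requests from a client will be sent without a preflight. The following JavaScript is an added example, not code from MDN: the names isCorsSafelisted and unsafeHeaders and the sample headers are assumptions made for illustration, and the value length is assumed to be counted in UTF-8 bytes.

```javascript
// Added example; helper names are hypothetical. Rules follow this page's text.
const SAFE_NAMES = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_MIME = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);
// CORS-unsafe bytes as listed on the page: "():<>?@[\]{} plus Delete (0x7F),
// Tab and control characters 0x00 to 0x19.
const UNSAFE_BYTE = /[\x00-\x19\x7f"():<>?@[\\\]{}]/;
// Alphabet allowed in Accept-Language and Content-Language values.
const LANG_VALUE = /^[0-9A-Za-z *,\-.;=]*$/;

function isCorsSafelisted(name, value) {
  const n = name.toLowerCase(); // header names are case-insensitive
  if (!SAFE_NAMES.has(n)) return false;
  // The length limit applies to every header (assumption: UTF-8 byte count).
  if (new TextEncoder().encode(value).length > 128) return false;
  if (n === "accept-language" || n === "content-language") {
    return LANG_VALUE.test(value);
  }
  // Accept and Content-Type: no CORS-unsafe request header byte allowed.
  if (UNSAFE_BYTE.test(value)) return false;
  if (n === "content-type") {
    // Compare only the MIME type, ignoring parameters such as charset.
    const mime = value.split(";")[0].trim().toLowerCase();
    return SAFE_MIME.has(mime);
  }
  return true;
}

// Names of the headers that take a request out of the safelisted set,
// i.e. the ones a server would have to list in Access-Control-Allow-Headers.
function unsafeHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => !isCorsSafelisted(name, value))
    .map(([name]) => name);
}

// Constructed sample: headers a script might attach to a cross-origin request.
const sample = {
  "Accept": "application/json",
  "Content-Type": "application/json",
  "Accept-Language": "en-US,en;q=0.8",
  "X-Requested-With": "XMLHttpRequest",
};
console.log(unsafeHeaders(sample));
```

In the constructed sample, Accept: application/json passes because Accept has no MIME type restriction, while the same value in Content-Type does not.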