Too Long; Didn't Read
A CORS-safelisted request header is one of the following HTTP headers. A request doesn't need to send a preflight request in the context of CORS. The headers must meet the additional requirements laid out below. They must also fulfill the following requirements in order to be a request header: For example, the value’s length can't be greater than 128. For example: For a request, the header can't contain a header byte: Delete, Delete, Tab and control characters: 0x00 to 0x19.