A is an which has been safelisted so that it will not be filtered when responses are processed by CORS, since they're considered (as the headers listed in ). By default, the safelist includes the following response headers: CORS-safelisted response header HTTP header safe Access-Control-Expose-Headers Cache-Control Content-Language Content-Type Expires Last-Modified Pragma Examples Extending the safelist You can extend the list of CORS-safelisted response headers by using the header: Access-Control-Expose-Headers : X-Custom-Header, Content-Length Access-Control-Expose-Headers View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header Published under license Open CC Attribution ShareAlike 3.0

Mozilla

Read My Stories

Too Long; Didn't Read

Time to reimagine the web - Stark Space, Devcon

Glossary of Security Terms: CORS-Safelisted Response Header

Too Long; Didn't Read

Company Mentioned

Examples

View Previous Terms:

Credits

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Glossary of Security Terms: CORS-Safelisted Response Header

Too Long; Didn't Read

Company Mentioned

Examples

View Previous Terms:

Credits

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES