Glossary of Security Terms: CORS-Safelisted Response Header

Mozilla Contributors, August 21st, 2020

A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS. The safelist contains a default set of response headers, and you can extend it by using the Access-Control-Expose-Headers header, for example: Access-Control-Expose-Headers: X-Custom-Header, Content-Length.

A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS, because it is considered safe (as are the headers listed in Access-Control-Expose-Headers). By default, the safelist includes the following response headers:

Examples

Extending the safelist

You can extend the list of CORS-safelisted response headers by using the Access-Control-Expose-Headers header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length
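The filtering described above can be modelled to audit which headers a cross-origin script would be able to read from a given response. This is an added example, not code from the original page or from Mozilla; the function names and the sample response are hypothetical, and the default safelist and forbidden names are taken from the Fetch Standard rather than from this page.

```javascript
// Added example: which response headers survive CORS filtering.
// Default safelist per the Fetch Standard (not listed on this page).
const SAFELIST = new Set([
  "cache-control", "content-language", "content-length", "content-type",
  "expires", "last-modified", "pragma",
]);
// Forbidden response header names are never readable by script.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

// Split an Access-Control-Expose-Headers value into lowercase names.
function parseExposeHeaders(value) {
  return new Set(
    (value || "").split(",").map((n) => n.trim().toLowerCase()).filter(Boolean)
  );
}

// Return the subset of responseHeaders a cross-origin script can read.
function readableHeaders(responseHeaders, { credentialed = false } = {}) {
  const lower = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  const exposed = parseExposeHeaders(lower["access-control-expose-headers"]);
  // "*" acts as a wildcard only for requests sent without credentials.
  const wildcard = !credentialed && exposed.has("*");
  const out = {};
  for (const [name, value] of Object.entries(lower)) {
    if (FORBIDDEN.has(name)) continue;
    if (SAFELIST.has(name) || exposed.has(name) || wildcard) out[name] = value;
  }
  return out;
}

// Constructed sample response using the header value from this page.
const sample = {
  "Content-Type": "application/json",
  "X-Custom-Header": "abc",
  "X-Internal-Trace": "node-7",
  "Set-Cookie": "sid=1",
  "Access-Control-Expose-Headers": "X-Custom-Header, Content-Length",
};
console.log(Object.keys(readableHeaders(sample)));
```

Running it over a service's real response headers shows at a glance whether an internal header is being exposed more widely than intended.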
