A forbidden header name is the name of any that cannot be modified programmatically; specifically, an HTTP header name (in contrast with a ). HTTP header request Forbidden response header name Modifying such headers is forbidden because the user agent retains full control over them. Names starting with are reserved for creating new headers safe from using that grant developers control over headers, such as . `Sec-` APIs Fetch XMLHttpRequest Forbidden header names start with or , or are one of the following names: Proxy- Sec- Accept-Charset Accept-Encoding Access-Control-Request-Headers Access-Control-Request-Method Connection Content-Length Cookie Cookie2 Date DNT Expect Feature-Policy Host Keep-Alive Origin Proxy- Sec- Referer TE Trailer Transfer-Encoding Upgrade Via : The header is no longer forbidden, — see forbidden header name list (this was implemented in Firefox 43) — it can now be set in a Fetch object, or via XHR . However, Chrome will silently drop the header from Fetch requests (see ). Note User-Agent as per spec Headers setRequestHeader() Chromium bug 571722 View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name Published under license Open CC Attribution ShareAlike 3.0

Fetch

Mozilla

Glossary of Security Terms: Forbidden Response Header Name

Glossary of Security Terms: Datagram Transport Layer Security

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Glossary of Security Terms: Forbidden Header Name

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Quick Introduction to the Resize Observer API

10 Cool CI/CD Tools For Your Project

27 Stories To Learn About Ssl

20 Essential Backend Tools For Developers

3 Most Common Ways to Connect your Node and React Applications

369 Stories To Learn About Database

A Quick Introduction to the Resize Observer API

10 Cool CI/CD Tools For Your Project

27 Stories To Learn About Ssl

20 Essential Backend Tools For Developers

3 Most Common Ways to Connect your Node and React Applications

369 Stories To Learn About Database

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps