A forbidden response header name is an name (either ` ` or ` `) that cannot be modified programmatically. HTTP header Set-Cookie Set-Cookie2 Specifications View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_response_header_name Published under license Open CC Attribution ShareAlike 3.0