A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS, since they're considered safe (as the headers listed in
Access-Control-Expose-Headers
). By default, the safelist includes the following response headers:Examples
Extending the safelist
You can extend the list of CORS-safelisted response headers by using the
Access-Control-Expose-Headers
header:Access-Control-Expose-Headers: X-Custom-Header, Content-Length
View Previous Terms:
- Block cipher mode of operation
- Certificate authority
- Challenge-response authentication
- Cipher
- Cipher suite
- Ciphertext
- CORS
- CORS-safelisted request header
- Cross-site scripting
- Cryptanalysis
- Cryptographic hash function
- Cryptography
- CSP
- CSRF
- Decryption
- Digital certificate
- DTLS (Datagram Transport Layer Security)
- Encryption
- Forbidden header name
- Forbidden response header name
- Hash
- HMAC
- HPKP
- HSTS
- HTTPS
- Key
- MitM
- OWASP
- Preflight request
- Public-key cryptography
- Reporting directive
- Robots.txt
- Same-origin policy
- Session Hijacking
- SQL Injection
- Symmetric-key cryptography
- TOFU
- Transport Layer Security (TLS)
Credits
- Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
- Published under Open CC Attribution ShareAlike 3.0 license