Access-Control-Request-Headers

The HTTP Access-Control-Request-Headers request header is sent by the client to indicate which HTTP headers it might send during the subsequent HTTP request.

Usage

The Access-Control-Request-Headers request header is part of the CORS protocol to allow cross-origin sharing, and it is sent as part of a preflight request to indicate which HTTP headers it may use during the actual HTTP request. The server’s response will include the Access-Control-Allow-Headers response, indicating whether they can be accepted.

Example

In this example, the client sends a preflight request using HTTP OPTIONS method and indicates that it will be using the HTTP Content-Type and X-User-Addr headers. The server responds to a previous HTTP request that was made by the client. As part of it, the Access-Control-Request-Headers response header is included to indicate that Content-Type and the customer X-User-Addr headers are supported.

Request

OPTIONS /
Access-Control-Request-Headers: Content-Type, X-User-Addr

Response

HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type, X-User-Addr

Takeaway

The Access-Control-Request-Headers request header is sent by the client during a preflight request to suggest what HTTP headers will be needed during the actual HTTP request.

See also

Last updated: June 29, 2022