Before you go, check out these stories!

0
Hackernoon logoGlossary of Security Terms: CORS-Safelisted Response Header by@mozilla

Glossary of Security Terms: CORS-Safelisted Response Header

Author profile picture

@mozillaMozilla Contributors

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS, since they're considered safe (as the headers listed in

Access-Control-Expose-Headers
). By default, the safelist includes the following response headers:

Examples

Extending the safelist

You can extend the list of CORS-safelisted response headers by using the

Access-Control-Expose-Headers
header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length

View Previous Terms:

Credits

Author profile picture

@mozillaMozilla Contributors

Read my stories

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.