Glossary of Security Terms: CORS-Safelisted Response Header

Written by mozilla | Published 2020/08/21
Tech Story Tags: beginners | security-terms | mozilla | hackernoon-top-story | password-protection | backend | web-development | security

TLDR A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS. By default, the safelist includes a fixed set of response headers. You can extend the safelist with the Access-Control-Expose-Headers header, for example: Access-Control-Expose-Headers: X-Custom-Header, Content-Length.

A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS, since it is considered safe (as are the headers listed in Access-Control-Expose-Headers). By default, the safelist includes the following response headers:

Examples

Extending the safelist
You can extend the list of CORS-safelisted response headers by using the Access-Control-Expose-Headers header:
Access-Control-Expose-Headers: X-Custom-Header, Content-Length
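As an added example that is not part of the original glossary entry, the following JavaScript models the filtering a browser applies to a cross-origin response before script can read its headers: the safelist names are those of the Fetch standard, the sample response headers are constructed, and it goes one step beyond the page's single header line by also handling the `*` wildcard, which browsers honour only for requests made without credentials.

```javascript
// Added example (not from the original glossary entry): model how a browser
// decides which response headers a cross-origin script may read, following
// the Fetch standard's CORS filtering rules. All inputs below are constructed.

// CORS-safelisted response-header names (Fetch standard), compared case-insensitively.
const SAFELIST = ["cache-control", "content-language", "content-length",
                  "content-type", "expires", "last-modified", "pragma"];
// Forbidden response-header names: never exposed to script, even if listed or via "*".
const FORBIDDEN = ["set-cookie", "set-cookie2"];

// Parse "Access-Control-Expose-Headers: X-Custom-Header, Content-Length" into
// lowercase names; a "*" token is kept literally for the wildcard check.
function parseExposeHeaders(value) {
  if (!value) return [];
  return value.split(",").map(s => s.trim().toLowerCase()).filter(Boolean);
}

// Return the sorted lowercase names of headers a script could read from a CORS
// response. `headers` is an object of response headers; `credentialed` is true
// when the request carried credentials (cookies), which disables the "*" wildcard.
function exposedHeaders(headers, credentialed = false) {
  const lower = {};
  for (const [name, val] of Object.entries(headers)) lower[name.toLowerCase()] = val;
  let exposeList = parseExposeHeaders(lower["access-control-expose-headers"]);
  if (!credentialed && exposeList.includes("*")) {
    // Wildcard expands to every header name present in the response.
    exposeList = Object.keys(lower);
  }
  const extra = exposeList.filter(n => n !== "*" && !FORBIDDEN.includes(n));
  const allowed = new Set([...SAFELIST, ...extra]);
  return Object.keys(lower).filter(n => allowed.has(n)).sort();
}

// Constructed sample response using the page's Access-Control-Expose-Headers value.
const sampleResponse = {
  "Content-Type": "application/json",
  "Content-Length": "42",
  "X-Custom-Header": "demo",
  "X-Request-Id": "constructed-id",
  "Set-Cookie": "session=constructed",
  "Access-Control-Allow-Origin": "https://app.example",
  "Access-Control-Expose-Headers": "X-Custom-Header, Content-Length",
};

// Only the safelisted headers plus the explicitly exposed X-Custom-Header are
// readable; X-Request-Id, Set-Cookie and the CORS headers themselves are hidden.
console.log(exposedHeaders(sampleResponse));
```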

Credits


Written by mozilla | Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.
Published by HackerNoon on 2020/08/21