Access-Control-Expose-Headers Header
Table of Content
The Access-Control-Expose-Headers header is used in an HTTP response to indicate which headers can be exposed to the API of a web page making a cross-origin request. It enables the browser to access certain headers beyond the six permissible ones: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified and Pragma.
Syntax
Access-Control-Expose-Headers: <header-name>[, <header-name>]*Directives
The Access-Control-Expose-Headers header uses directives in a comma-separated list. Each directive is a response header name, excluding the simple response headers.
Examples
Example of how to set the Access-Control-Expose-Headers header:
Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-HeaderBrowser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Supported |
| Safari | Supported |
| Opera | Supported |
| Edge | Supported |
How to modify Access-Control-Expose-Headers header
ModHeader is a Chrome extension that can add, modify, and remove HTTP request headers. To modify the Access-Control-Expose-Headers header, you need to follow these steps:
- Install ModHeader from the Chrome Web Store.
- Click on the ModHeader icon in the top-right corner of your Chrome browser.
- In the Request Headers section, input
Access-Control-Expose-Headersin theNamecolumn. - In the same row, input the headers you would like to be accessible in the
Valuecolumn, for exampleX-My-Custom-Header, X-Another-Custom-Header. - The changes will take effect immediately.
This way, the Access-Control-Expose-Headers header can be easily modified within the browser, and ensures proper communication in a cross-origin context by exposing the required response headers.