Access-Control-Expose-Headers Header

Table of Content

The Access-Control-Expose-Headers header is used in an HTTP response to indicate which headers can be exposed to the API of a web page making a cross-origin request. It enables the browser to access certain headers beyond the six permissible ones: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified and Pragma.


Access-Control-Expose-Headers: <header-name>[, <header-name>]*


The Access-Control-Expose-Headers header uses directives in a comma-separated list. Each directive is a response header name, excluding the simple response headers.


Example of how to set the Access-Control-Expose-Headers header:

Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Supported
Safari Supported
Opera Supported
Edge Supported

How to modify Access-Control-Expose-Headers header

ModHeader is a Chrome extension that can add, modify, and remove HTTP request headers. To modify the Access-Control-Expose-Headers header, you need to follow these steps:

  1. Install ModHeader from the Chrome Web Store.
  2. Click on the ModHeader icon in the top-right corner of your Chrome browser.
  3. In the Request Headers section, input Access-Control-Expose-Headers in the Name column.
  4. In the same row, input the headers you would like to be accessible in the Value column, for example X-My-Custom-Header, X-Another-Custom-Header.
  5. The changes will take effect immediately.

This way, the Access-Control-Expose-Headers header can be easily modified within the browser, and ensures proper communication in a cross-origin context by exposing the required response headers.