Access-Control-Expose-Headers Header
Table of Content
The Access-Control-Expose-Headers header is used in an HTTP response to indicate which headers can be exposed to the API of a web page making a cross-origin request. It enables the browser to access certain headers beyond the six permissible ones: Cache-Control
, Content-Language
, Content-Type
, Expires
, Last-Modified
and Pragma
.
Syntax
Access-Control-Expose-Headers: <header-name>[, <header-name>]*
Directives
The Access-Control-Expose-Headers header uses directives in a comma-separated list. Each directive is a response header name, excluding the simple response headers.
Examples
Example of how to set the Access-Control-Expose-Headers header:
Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header
Browser Compatibility
Browser | Compatibility |
---|---|
Chrome | Supported |
Firefox | Supported |
Safari | Supported |
Opera | Supported |
Edge | Supported |
How to modify Access-Control-Expose-Headers header
ModHeader is a Chrome extension that can add, modify, and remove HTTP request headers. To modify the Access-Control-Expose-Headers header, you need to follow these steps:
- Install ModHeader from the Chrome Web Store.
- Click on the ModHeader icon in the top-right corner of your Chrome browser.
- In the Request Headers section, input
Access-Control-Expose-Headers
in theName
column. - In the same row, input the headers you would like to be accessible in the
Value
column, for exampleX-My-Custom-Header, X-Another-Custom-Header
. - The changes will take effect immediately.
This way, the Access-Control-Expose-Headers header can be easily modified within the browser, and ensures proper communication in a cross-origin context by exposing the required response headers.