Access-Control-Request-Headers Header

Table of Content

The Access-Control-Request-Headers header is used when issuing a preflight request to let the server know what HTTP headers will be used when an actual request is made. This is part of the Cross-Origin Resource Sharing (CORS) mechanism that web browsers implement to assure security on the web. CORS controls the interactions between a web browser and a web server in a secure way if they do not originate from the same domain.


Access-Control-Request-Headers: <field-name>[, <field-name>]*


  • <field-name>: A case-insensitive list of HTTP header field names separated by commas ,.


Assuming a client application needs to set Content-Type and Accept-Language in its request, the preflight request would include:

Access-Control-Request-Headers: Content-Type, Accept-Language

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Supported
Safari Supported
Opera Supported
Edge Supported

How to modify Access-Control-Request-Headers header

ModHeader is a Chrome extension that allows you to add, modify, and remove request headers in Chrome. This can be particularly useful for testing APIs by setting different headers. To modify the Access-Control-Request-Headers header:

  1. Install and click on the ModHeader icon in the Chrome toolbar.
  2. In the pop-up window, under "Request Headers", click on the "+" button.
  3. Enter "Access-Control-Request-Headers" in "Name" and the header you want to use in "Value" (e.g., "Content-Type, Accept-Language").

ModHeader will now add the Access-Control-Request-Headers to all requests made from your browser until you turn it off. This becomes extremely useful when testing CORS-enabled applications or APIs by manipulating the headers.