Glossary of Security Terms: CORS-Safelisted Response Header | Hacker Noon

Author profile picture

@mozillaMozilla Contributors

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS, since they’re considered safe (as the headers listed in

Access-Control-Expose-Headers

). By default, the safelist includes the following response headers:

Examples

Extending the safelist

You can extend the list of CORS-safelisted response headers by using the

Access-Control-Expose-Headers

header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length

Credits

Author profile picture

Read my stories

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

Tags

The Noonification banner

Subscribe to get your daily round-up of top tech stories!

read original article here