Access-Control-Request-Headers

Description

The Access-Control-Request-Headers header is automatically sent by the browser during preflight requests. Lists the headers that will be included in the actual request, allowing the server to approve or deny them.

Syntax & allowed values

  • Access-Control-Request-Headers: <header-name>, <header-name>, ...

Code examples

CLIENT

// When you make a request with custom headers:
fetch('https://api.example.com/data', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Custom-Header': 'value'
  }
});

// Browser automatically sends preflight with:
// Access-Control-Request-Headers: content-type, x-custom-header

Frequently asked questions

Do I need to set this header manually?

No, the browser automatically sends this header during preflight requests based on the headers in your actual request.

When is this header sent?

During preflight requests when your request includes custom headers or uses certain methods that require CORS preflight.

Tired of CORS errors?

Corsfix enables you to fetch any API without getting CORS issues, allowing you to focus on building your application.

Try Corsfix free