A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS, since they're considered safe (as the headers listed in
Access-Control-Expose-HeadersExamples
Extending the safelist
You can extend the list of CORS-safelisted response headers by using the
Access-Control-Expose-HeadersAccess-Control-Expose-Headers: X-Custom-Header, Content-LengthView Previous Terms:
- Block cipher mode of operation
- Certificate authority
- Challenge-response authentication
- Cipher
- Cipher suite
- Ciphertext
- CORS
- CORS-safelisted request header
- Cross-site scripting
- Cryptanalysis
- Cryptographic hash function
- Cryptography
- CSP
- CSRF
- Decryption
- Digital certificate
- DTLS (Datagram Transport Layer Security)
- Encryption
- Forbidden header name
- Forbidden response header name
- Hash
- HMAC
- HPKP
- HSTS
- HTTPS
- Key
- MitM
- OWASP
- Preflight request
- Public-key cryptography
- Reporting directive
- Robots.txt
- Same-origin policy
- Session Hijacking
- SQL Injection
- Symmetric-key cryptography
- TOFU
- Transport Layer Security (TLS)
Credits
- Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
- Published under Open CC Attribution ShareAlike 3.0 license