Access-Control-Allow-Headers response header is used in response to a preflight request which includes the
Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
This header is required if the request has an
Note: CORS-safelisted request headers are always allowed and usually aren't listed in
Access-Control-Allow-Headers (unless there is a need to circumvent the safelist additional restrictions).
|Header type||Response header|
|Forbidden header name||no|