Simple response header

一个简单的响应头（或 CORS 安全列表的响应头）是一个 HTTP 头，它是以下之一：

Cache-Control
Content-Language
Content-Length
Content-Type
Expires
Last-Modified
Pragma

These headers will not be filtered when the response is filtered by CORS, they are considered as safe (as the headers listed in Access-Control-Expose-Headers.

Examples

Extending the safelist

You can extend the list of CORS-safelisted response headers by using the Access-Control-Expose-Headers header:

Access-Control-Expose-Headers: X-Custom-Header, Content-Length

Learn more

HTTP
HTTP headers
Access-Control-Expose-Headers
CORS
Simple header
Forbidden header name
Request header