HTTPREF
← Back to headers

HTTP Header

Access-Control-Expose-Headers

CORS

Specifies which response headers are safe to expose to frontend JavaScript in cross-origin responses.

HTTP header reference, syntax, examples, and developer usage.

What is the Access-Control-Expose-Headers header?

The Access-Control-Expose-Headers HTTP header is used to transmit metadata between a client and server as part of HTTP requests or responses.

HTTP headers define how content should be interpreted, cached, authenticated, secured, or processed by browsers and APIs.

Direction

This header may appear in both HTTP requests and responses.

Syntax

Access-Control-Expose-Headers: header1, header2

Example

Access-Control-Expose-Headers: Content-Length, X-Request-Id

Common use cases

  • Exposing custom response headers to frontend code
  • CORS API integrations
  • Allowing JS access to metadata headers

Common mistakes

  • Using the header in the wrong request or response context
  • Sending invalid header values
  • Incorrect header syntax
  • Assuming the header automatically changes server behaviour

Related headers

access-control-allow-origincontent-lengthx-request-id