diff options
| author | Peter Bengtsson <mail@peterbe.com> | 2020-12-08 14:41:15 -0500 |
|---|---|---|
| committer | Peter Bengtsson <mail@peterbe.com> | 2020-12-08 14:41:15 -0500 |
| commit | 4b1a9203c547c019fc5398082ae19a3f3d4c3efe (patch) | |
| tree | d4a40e13ceeb9f85479605110a76e7a4d5f3b56b /files/ar/glossary/forbidden_header_name | |
| parent | 33058f2b292b3a581333bdfb21b8f671898c5060 (diff) | |
| download | translated-content-4b1a9203c547c019fc5398082ae19a3f3d4c3efe.tar.gz translated-content-4b1a9203c547c019fc5398082ae19a3f3d4c3efe.tar.bz2 translated-content-4b1a9203c547c019fc5398082ae19a3f3d4c3efe.zip | |
initial commit
Diffstat (limited to 'files/ar/glossary/forbidden_header_name')
| -rw-r--r-- | files/ar/glossary/forbidden_header_name/index.html | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/files/ar/glossary/forbidden_header_name/index.html b/files/ar/glossary/forbidden_header_name/index.html new file mode 100644 index 0000000000..12776e896f --- /dev/null +++ b/files/ar/glossary/forbidden_header_name/index.html @@ -0,0 +1,51 @@ +--- +title: Forbidden header name +slug: Glossary/Forbidden_header_name +translation_of: Glossary/Forbidden_header_name +--- +<p>A <dfn>forbidden header name</dfn> is the name of any <a href="/en-US/docs/Web/HTTP/Headers">HTTP header</a> that cannot be modified programmatically; specifically, an HTTP <strong>request</strong> header name (in contrast with a {{Glossary("Forbidden response header name")}}).</p> + +<p>Modifying such headers is forbidden because the user agent retains full control over them. Names starting with `<code title="">Sec-</code>` are reserved for creating new headers safe from {{glossary("API","APIs")}} using <a href="/en-US/docs/Web/API/Fetch_API">Fetch</a> that grant developers control over headers, such as {{domxref("XMLHttpRequest")}}.</p> + +<p>Forbidden header names start with <code>Proxy-</code> or <code>Sec-</code>, or are one of the following names:</p> + +<ul class="brief"> + <li><code title="">Accept-Charset</code></li> + <li><code title="">Accept-Encoding</code></li> + <li><code title="">Access-Control-Request-Headers</code></li> + <li><code title="">Access-Control-Request-Method</code></li> + <li><code title="">Connection</code></li> + <li><code title="">Content-Length</code></li> + <li><code title="">Cookie</code></li> + <li><code title="">Cookie2</code></li> + <li><code title="">Date</code></li> + <li><code title="">DNT</code></li> + <li><code title="">Expect</code></li> + <li><code title="">Feature-Policy</code></li> + <li><code title="">Host</code></li> + <li><code title="">Keep-Alive</code></li> + <li><code title="http-origin">Origin</code></li> + <li><code title="http-origin">Proxy-</code></li> + <li><code title="http-origin">Sec-</code></li> + <li><code title="">Referer</code></li> + <li><code title="">TE</code></li> + <li><code title="">Trailer</code></li> + <li><code title="">Transfer-Encoding</code></li> + <li><code title="">Upgrade</code></li> + <li><code title="">Via</code></li> +</ul> + +<div class="note"> +<p><strong>Note</strong>: The <code>User-Agent</code> header is no longer forbidden, <a href="https://fetch.spec.whatwg.org/#terminology-headers">as per spec</a> — see forbidden header name list (this was implemented in Firefox 43) — it can now be set in a Fetch <a href="/en-US/docs/Web/API/Headers">Headers</a> object, or via XHR <a href="/en-US/docs/Web/API/XMLHttpRequest#setRequestHeader%28%29">setRequestHeader()</a>. However, Chrome will silently drop the header from Fetch requests (see <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=571722">Chromium bug 571722</a>).</p> +</div> + +<section class="Quick_links" id="Quick_Links"> +<ol> + <li><a href="/en-US/docs/Glossary">MDN Web Docs Glossary</a> + + <ol> + <li>{{Glossary("Forbidden response header name")}}</li> + </ol> + </li> +</ol> +</section> |