diff --git a/files/en-us/_redirects.txt b/files/en-us/_redirects.txt index d8b789e60dac290..87c4b89ee59cc7e 100644 --- a/files/en-us/_redirects.txt +++ b/files/en-us/_redirects.txt @@ -3566,6 +3566,7 @@ /en-US/docs/Glossary/Empty_element /en-US/docs/Glossary/Void_element /en-US/docs/Glossary/Error /en-US/docs/Glossary/Exception /en-US/docs/Glossary/First_interactive /en-US/docs/Glossary/First_CPU_idle +/en-US/docs/Glossary/Forbidden_header_name /en-US/docs/Glossary/Forbidden_request_header /en-US/docs/Glossary/GZip /en-US/docs/Glossary/gzip_compression /en-US/docs/Glossary/Global_attribute /en-US/docs/Web/HTML/Global_attributes /en-US/docs/Glossary/Grid_Rows /en-US/docs/Glossary/Grid_Row diff --git a/files/en-us/_wikihistory.json b/files/en-us/_wikihistory.json index 0913448568c08c2..a517936b4e6c4a3 100644 --- a/files/en-us/_wikihistory.json +++ b/files/en-us/_wikihistory.json @@ -2367,7 +2367,7 @@ "rachelandrew" ] }, - "Glossary/Forbidden_header_name": { + "Glossary/Forbidden_request_header": { "modified": "2020-06-17T22:05:57.083Z", "contributors": [ "s.zeid", diff --git a/files/en-us/glossary/cors-safelisted_request_header/index.md b/files/en-us/glossary/cors-safelisted_request_header/index.md index 6bf3070c6bd64e4..ae475bc3065483c 100644 --- a/files/en-us/glossary/cors-safelisted_request_header/index.md +++ b/files/en-us/glossary/cors-safelisted_request_header/index.md @@ -33,5 +33,5 @@ CORS-safelisted headers must also fulfill the following requirements in order to - Related glossary terms: - {{Glossary("CORS-safelisted response header")}} - - {{Glossary("Forbidden header name")}} + - {{Glossary("Forbidden request header")}} - {{Glossary("Request header")}} diff --git a/files/en-us/glossary/cors-safelisted_response_header/index.md b/files/en-us/glossary/cors-safelisted_response_header/index.md index 9936fab1e30f652..7fb6b7783e906a7 100644 --- a/files/en-us/glossary/cors-safelisted_response_header/index.md +++ b/files/en-us/glossary/cors-safelisted_response_header/index.md @@ -40,5 +40,5 @@ Access-Control-Expose-Headers: X-Custom-Header, Content-Encoding - Related glossary terms: - {{Glossary("CORS")}} - {{Glossary("CORS-safelisted_request_header", "CORS-safelisted request header")}} - - {{Glossary("Forbidden header name")}} + - {{Glossary("Forbidden request header")}} - {{Glossary("Request header")}} diff --git a/files/en-us/glossary/fetch_metadata_request_header/index.md b/files/en-us/glossary/fetch_metadata_request_header/index.md index a0790b55248a064..b0298dd13192d2e 100644 --- a/files/en-us/glossary/fetch_metadata_request_header/index.md +++ b/files/en-us/glossary/fetch_metadata_request_header/index.md @@ -10,7 +10,7 @@ A **fetch metadata request header** is an {{Glossary("Request header", "HTTP req With this information a server can implement a resource isolation policy, allowing external sites to request only those resources that are intended for sharing, and that are used appropriately. This approach can help mitigate common cross-site web vulnerabilities such as {{Glossary("CSRF")}}, Cross-site Script Inclusion (XSSI), timing attacks, and cross-origin information leaks. -These headers are prefixed with `Sec-`, and hence have {{Glossary("Forbidden header name", "forbidden header names")}}. As such, they cannot be modified from JavaScript. +These headers are prefixed with `Sec-`, and hence are {{Glossary("Forbidden request header", "forbidden request headers")}}. As such, they cannot be modified from JavaScript. The fetch metadata request headers are: diff --git a/files/en-us/glossary/forbidden_header_name/index.md b/files/en-us/glossary/forbidden_request_header/index.md similarity index 61% rename from files/en-us/glossary/forbidden_header_name/index.md rename to files/en-us/glossary/forbidden_request_header/index.md index f92b9255f3f71e5..d22b8f0fe9c17c1 100644 --- a/files/en-us/glossary/forbidden_header_name/index.md +++ b/files/en-us/glossary/forbidden_request_header/index.md @@ -1,15 +1,15 @@ --- -title: Forbidden header name -slug: Glossary/Forbidden_header_name +title: Forbidden request header +slug: Glossary/Forbidden_request_header page-type: glossary-definition --- {{GlossarySidebar}} -A **forbidden header name** is the name of any [HTTP header](/en-US/docs/Web/HTTP/Headers) that cannot be modified programmatically; specifically, an HTTP **request** header name (in contrast with a {{Glossary("Forbidden response header name")}}). +A **forbidden request header** is an [HTTP header](/en-US/docs/Web/HTTP/Headers) name-value pair that cannot be set of modified programmatically in a request. For headers forbidden to be modified in responses, see {{Glossary("forbidden response header name")}}. Modifying such headers is forbidden because the user agent retains full control over them. -For example, the {{HTTPHeader("Date")}} header is a forbidden header name, so this code cannot set the message `Date` field: +For example, the {{HTTPHeader("Date")}} header is a forbidden request header, so this code cannot set the message `Date` field: ```js example-bad fetch("https://httpbin.org/get", { @@ -20,8 +20,9 @@ fetch("https://httpbin.org/get", { ``` Names starting with `Sec-` are reserved for creating new headers safe from {{glossary("API","APIs")}} that grant developers control over headers, such as {{domxref("Window/fetch", "fetch()")}}. -Forbidden header names start with `Proxy-` or `Sec-`, or are one of the following names: +Forbidden headers are one of the following: +- {{HTTPHeader("Accept-Charset")}} - {{HTTPHeader("Accept-Encoding")}} - {{HTTPHeader("Access-Control-Request-Headers")}} - {{HTTPHeader("Access-Control-Request-Method")}} @@ -43,9 +44,12 @@ Forbidden header names start with `Proxy-` or `Sec-`, or are one of the followin - {{HTTPHeader("Transfer-Encoding")}} - {{HTTPHeader("Upgrade")}} - {{HTTPHeader("Via")}} +- `X-HTTP-Method`, but only when it contains a forbidden method name ({{HTTPMethod("CONNECT")}}, {{HTTPMethod("TRACE")}}, {{HTTPMethod("TRACK")}}) +- `X-HTTP-Method-Override`, but only when it contains a forbidden method name +- `X-Method-Override`, but only when it contains a forbidden method name > [!NOTE] -> The {{HTTPHeader("User-Agent")}} header is no longer forbidden, [as per spec](https://fetch.spec.whatwg.org/#terminology-headers) — see forbidden header name list (this was implemented in Firefox 43) — it can now be set in a Fetch [Headers](/en-US/docs/Web/API/Headers) object, or with the [setRequestHeader()](/en-US/docs/Web/API/XMLHttpRequest/setRequestHeader) method of `XMLHttpRequest`. However, Chrome will silently drop the header from Fetch requests (see [Chromium bug 571722](https://crbug.com/571722)). +> The {{HTTPHeader("User-Agent")}} header used to be forbidden, but no longer is. However, Chrome still silently drops the header from Fetch requests (see [Chromium bug 571722](https://crbug.com/571722)). > [!NOTE] > While the {{HTTPHeader("Referer")}} header is listed as a forbidden header [in the spec](https://fetch.spec.whatwg.org/#forbidden-request-header), the user agent does not retain full control over it and the header can be programmatically modified. For example, when using [`fetch()`](/en-US/docs/Web/API/Window/fetch), the {{HTTPHeader("Referer")}} header can be programmatically modified via the [`referrer` option](/en-US/docs/Web/API/RequestInit#referrer). diff --git a/files/en-us/glossary/forbidden_response_header_name/index.md b/files/en-us/glossary/forbidden_response_header_name/index.md index b40f6a6bec73093..9d532f8cda5f2f4 100644 --- a/files/en-us/glossary/forbidden_response_header_name/index.md +++ b/files/en-us/glossary/forbidden_response_header_name/index.md @@ -12,4 +12,4 @@ A _forbidden response header name_ is an [HTTP header](/en-US/docs/Web/HTTP/Head - [Fetch specification: forbidden response-header name](https://fetch.spec.whatwg.org/#forbidden-response-header-name) - Related glossary terms: - - {{Glossary("Forbidden header name")}} + - {{Glossary("Forbidden request header")}} diff --git a/files/en-us/glossary/http_header/index.md b/files/en-us/glossary/http_header/index.md index de2525839b5c427..36585e5930a3b55 100644 --- a/files/en-us/glossary/http_header/index.md +++ b/files/en-us/glossary/http_header/index.md @@ -62,7 +62,7 @@ X-Cache-Info: cached - {{Glossary("Response header")}} - {{Glossary("Representation header")}} - {{Glossary("Fetch metadata request header")}} - - {{Glossary("Forbidden header name")}} + - {{Glossary("Forbidden request header")}} - {{Glossary("Forbidden response header name")}} - {{Glossary("CORS-safelisted request header")}} - {{Glossary("CORS-safelisted response header")}} diff --git a/files/en-us/mdn/writing_guidelines/howto/document_an_http_header/index.md b/files/en-us/mdn/writing_guidelines/howto/document_an_http_header/index.md index 00753858b0c21ce..59c9082b517e48e 100644 --- a/files/en-us/mdn/writing_guidelines/howto/document_an_http_header/index.md +++ b/files/en-us/mdn/writing_guidelines/howto/document_an_http_header/index.md @@ -35,7 +35,7 @@ This article explains how to create a new reference page for an HTTP header. - Make sure you have these sections: - Introductory text where the first sentence mentions the header name (bold) and summarizes its purpose. - - Information box containing at least the header type and if the header is a {{Glossary("Forbidden header name")}}. + - Information box containing at least the header type and if the header is a {{Glossary("Forbidden request header")}}. - A syntax box containing all possible directives/parameters/values of the HTTP header. - A section that explains these directives/values. - An example section that contains a practical use case for this header or shows where and how it occurs usually. diff --git a/files/en-us/mdn/writing_guidelines/page_structures/page_types/http_header_page_template/index.md b/files/en-us/mdn/writing_guidelines/page_structures/page_types/http_header_page_template/index.md index 9e49445a0d34173..8f3ad116fe98efa 100644 --- a/files/en-us/mdn/writing_guidelines/page_structures/page_types/http_header_page_template/index.md +++ b/files/en-us/mdn/writing_guidelines/page_structures/page_types/http_header_page_template/index.md @@ -93,7 +93,7 @@ Two or three paragraphs in this section is appropriate, and if there are substan - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} "Yes" or "No" diff --git a/files/en-us/mozilla/firefox/releases/43/index.md b/files/en-us/mozilla/firefox/releases/43/index.md index 01e0bdcf5407748..09c4a69c8403844 100644 --- a/files/en-us/mozilla/firefox/releases/43/index.md +++ b/files/en-us/mozilla/firefox/releases/43/index.md @@ -75,7 +75,7 @@ _No change._ #### Miscellaneous - The [Battery Status API](/en-US/docs/Web/API/Battery_Status_API) now uses the new promise syntax for {{domxref("Navigator.getBattery()")}}, as specified in the recent evolution of the specification ([Firefox bug 1050749](https://bugzil.la/1050749)). -- The `User-Agent` header is no longer in the list of {{Glossary("Forbidden_header_name", "forbidden header names")}} so it can now be set in a [Fetch](/en-US/docs/Web/API/Fetch_API) {{domxref("Headers")}} object, via XHR {{domxref("XMLHttpRequest.setRequestHeader()")}},… ([Firefox bug 1188932](https://bugzil.la/1188932)). +- The `User-Agent` header is no longer in the list of {{Glossary("Forbidden_request_header", "forbidden request headers")}} so it can now be set in a [Fetch](/en-US/docs/Web/API/Fetch_API) {{domxref("Headers")}} object, via XHR {{domxref("XMLHttpRequest.setRequestHeader()")}},… ([Firefox bug 1188932](https://bugzil.la/1188932)). - The {{domxref("MediaRecorder.MediaRecorder", "MediaRecorder()")}} constructor can now accept an options dictionary as a parameter, which allows you to set custom bitrates for the audio/video to be recorded ([Firefox bug 1161276](https://bugzil.la/1161276)). - The {{domxref("PerformanceObserver")}} interface, belonging to the [Performance APIs](/en-US/docs/Web/API/Performance_API) has been implemented ([Firefox bug 1165796](https://bugzil.la/1165796)). - The Frame Timing API has been added: the `PerformanceRenderTiming` and `PerformanceCompositeTiming` interfaces are now available ([Firefox bug 1191178](https://bugzil.la/1191178)). diff --git a/files/en-us/web/api/fetch_api/using_fetch/index.md b/files/en-us/web/api/fetch_api/using_fetch/index.md index b956a5803e410e8..c470f21c32aad14 100644 --- a/files/en-us/web/api/fetch_api/using_fetch/index.md +++ b/files/en-us/web/api/fetch_api/using_fetch/index.md @@ -174,7 +174,7 @@ const response = await fetch("https://example.org/post", { }); ``` -Compared to using plain objects, the `Headers` object provides some additional input sanitization. For example, it normalizes header names to lowercase, strips leading and trailing whitespace from header values, and prevents certain headers from being set. Many headers are set automatically by the browser and can't be set by a script: these are called {{glossary("Forbidden header name", "Forbidden header names")}}. If the {{domxref("Request.mode", "mode")}} option is set to `no-cors`, then the set of permitted headers is further restricted. +Compared to using plain objects, the `Headers` object provides some additional input sanitization. For example, it normalizes header names to lowercase, strips leading and trailing whitespace from header values, and prevents certain headers from being set. Many headers are set automatically by the browser and can't be set by a script: these are called {{glossary("Forbidden request header", "Forbidden request headers")}}. If the {{domxref("Request.mode", "mode")}} option is set to `no-cors`, then the set of permitted headers is further restricted. ### Sending data in a GET request diff --git a/files/en-us/web/api/headers/append/index.md b/files/en-us/web/api/headers/append/index.md index f68132d315fcf5f..952c53be033dff8 100644 --- a/files/en-us/web/api/headers/append/index.md +++ b/files/en-us/web/api/headers/append/index.md @@ -18,7 +18,7 @@ that if the specified header already exists and accepts multiple values, `append()` will append the new value onto the end of the set of values. For security reasons, some headers can only be controlled by the user agent. These -headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}} +headers include the {{Glossary("Forbidden_request_header", "forbidden request headers")}} and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}. ## Syntax diff --git a/files/en-us/web/api/headers/delete/index.md b/files/en-us/web/api/headers/delete/index.md index 02b09b40cfead7a..80dc1beb609ee35 100644 --- a/files/en-us/web/api/headers/delete/index.md +++ b/files/en-us/web/api/headers/delete/index.md @@ -12,7 +12,7 @@ The **`delete()`** method of the {{domxref("Headers")}} interface deletes a header from the current `Headers` object. For security reasons, some headers can only be controlled by the user agent. These -headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}} +headers include the {{Glossary("Forbidden_request_header", "forbidden request headers")}} and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}. ## Syntax diff --git a/files/en-us/web/api/headers/get/index.md b/files/en-us/web/api/headers/get/index.md index 72d69f461dc34f3..a8cfd5ca9d5c6ae 100644 --- a/files/en-us/web/api/headers/get/index.md +++ b/files/en-us/web/api/headers/get/index.md @@ -14,7 +14,7 @@ with a given name. If the requested header doesn't exist in the `Headers` object, it returns `null`. For security reasons, some headers can only be controlled by the user agent. These -headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}} +headers include the {{Glossary("Forbidden_request_header", "forbidden request headers")}} and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}. ## Syntax diff --git a/files/en-us/web/api/headers/has/index.md b/files/en-us/web/api/headers/has/index.md index df68bdda66d434d..40f2ce910a2b10a 100644 --- a/files/en-us/web/api/headers/has/index.md +++ b/files/en-us/web/api/headers/has/index.md @@ -13,7 +13,7 @@ returns a boolean stating whether a `Headers` object contains a certain header. For security reasons, some headers can only be controlled by the user agent. These -headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}} +headers include the {{Glossary("Forbidden_request_header", "forbidden request headers")}} and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}. ## Syntax diff --git a/files/en-us/web/api/headers/index.md b/files/en-us/web/api/headers/index.md index fbdf62b512d7c07..b57b82df3e22ecb 100644 --- a/files/en-us/web/api/headers/index.md +++ b/files/en-us/web/api/headers/index.md @@ -27,7 +27,7 @@ Some `Headers` objects have restrictions on whether the {{domxref("Headers.set", - For headers created with {{domxref("Headers.Headers","Headers()")}} constructor, there are no modification restrictions. - For headers of {{domxref("Request")}} objects: - If the request's {{domxref("Request.mode","mode")}} is `no-cors`, you can modify any {{Glossary("CORS-safelisted request header")}} name/value. - - Otherwise, you can modify any {{Glossary("forbidden header name", "non-forbidden header")}} name/value. + - Otherwise, you can modify any {{Glossary("forbidden request header", "non-forbidden request header")}} name/value. - For headers of {{domxref("Response")}} objects: - If the response is created using {{domxref("Response.error_static", "Response.error()")}} or {{domxref("Response.redirect_static", "Response.redirect()")}}, or received from a {{domxref("Window/fetch", "fetch()")}} call, the headers are immutable and cannot be modified. - Otherwise, if the response is created using {{domxref("Response.Response","Response()")}} or {{domxref("Response.json_static","Response.json()")}}, you can modify any {{Glossary("forbidden response header name", "non-forbidden response header")}} name/value. diff --git a/files/en-us/web/api/headers/set/index.md b/files/en-us/web/api/headers/set/index.md index 09d089cc9d1fa89..52bd6d425bb0d42 100644 --- a/files/en-us/web/api/headers/set/index.md +++ b/files/en-us/web/api/headers/set/index.md @@ -18,7 +18,7 @@ overwrites the existing value with the new one, whereas {{domxref("Headers.appen appends the new value to the end of the set of values. For security reasons, some headers can only be controlled by the user agent. These -headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}} +headers include the {{Glossary("Forbidden_request_header", "forbidden request headers")}} and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}. ## Syntax diff --git a/files/en-us/web/api/requestinit/index.md b/files/en-us/web/api/requestinit/index.md index 7c462472279c45d..e8c90ef855fd42e 100644 --- a/files/en-us/web/api/requestinit/index.md +++ b/files/en-us/web/api/requestinit/index.md @@ -109,7 +109,7 @@ You can also construct a `Request` with a `RequestInit`, and pass the `Request` - : Any headers you want to add to your request, contained within a {{domxref("Headers")}} object or an object literal whose keys are the names of headers and whose values are the header values. - Many headers are set automatically by the browser and can't be set by a script: these are called {{glossary("Forbidden header name", "Forbidden header names")}}. + Many headers are set automatically by the browser and can't be set by a script: these are called {{glossary("Forbidden request headers", "Forbidden request headers")}}. If the `mode` option is set to `no-cors`, you can only set {{glossary("CORS-safelisted request header", "CORS-safelisted request headers")}}. diff --git a/files/en-us/web/api/xmlhttprequest/setrequestheader/index.md b/files/en-us/web/api/xmlhttprequest/setrequestheader/index.md index f7b04fc9f11ebdb..8fff528b4980f38 100644 --- a/files/en-us/web/api/xmlhttprequest/setrequestheader/index.md +++ b/files/en-us/web/api/xmlhttprequest/setrequestheader/index.md @@ -16,7 +16,7 @@ Each time you call `setRequestHeader()` after the first time you call it, the sp If no {{HTTPHeader("Accept")}} header has been set using this, an `Accept` header with the type `"*/*"` is sent with the request when {{domxref("XMLHttpRequest.send", "send()")}} is called. -For security reasons, there are several {{Glossary("Forbidden_header_name", "forbidden header names")}} whose values are controlled by the user agent. Any attempt to set a value for one of those headers from frontend JavaScript code will be ignored without warning or error. +For security reasons, there are several {{Glossary("Forbidden_request_header", "forbidden request headers")}} whose values are controlled by the user agent. Any attempt to set a value for one of those headers from frontend JavaScript code will be ignored without warning or error. In addition, the [`Authorization`](/en-US/docs/Web/HTTP/Headers/Authorization) HTTP header may be added to a request, but will be removed if the request is redirected cross-origin. diff --git a/files/en-us/web/http/cors/index.md b/files/en-us/web/http/cors/index.md index 1d60ddf4f6b9a6b..aea05dcd8400632 100644 --- a/files/en-us/web/http/cors/index.md +++ b/files/en-us/web/http/cors/index.md @@ -55,7 +55,7 @@ A _simple request_ is one that **meets all the following conditions**: - {{HTTPMethod("HEAD")}} - {{HTTPMethod("POST")}} -- Apart from the headers automatically set by the user agent (for example, {{HTTPHeader("Connection")}}, {{HTTPHeader("User-Agent")}}, or [the other headers defined in the Fetch spec as a _forbidden header name_](https://fetch.spec.whatwg.org/#forbidden-header-name)), the only headers which are allowed to be manually set are [those which the Fetch spec defines as a CORS-safelisted request-header](https://fetch.spec.whatwg.org/#cors-safelisted-request-header), which are: +- Apart from the headers automatically set by the user agent (for example, {{HTTPHeader("Connection")}}, {{HTTPHeader("User-Agent")}}, or the {{glossary("Forbidden request header", "forbidden request headers")}}), the only headers which are allowed to be manually set are the [CORS-safelisted request-headers](/en-US/docs/Glossary/CORS-safelisted_request_header), which are: - {{HTTPHeader("Accept")}} - {{HTTPHeader("Accept-Language")}} diff --git a/files/en-us/web/http/headers/accept-ch/index.md b/files/en-us/web/http/headers/accept-ch/index.md index 7fc41945f3f72f8..573ba1b27e77b04 100644 --- a/files/en-us/web/http/headers/accept-ch/index.md +++ b/files/en-us/web/http/headers/accept-ch/index.md @@ -17,7 +17,7 @@ To ensure client hints are sent reliably, the `Accept-CH` header should be persi {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/accept-encoding/index.md b/files/en-us/web/http/headers/accept-encoding/index.md index 956bd01ed4cd573..c72fba8f6fe9575 100644 --- a/files/en-us/web/http/headers/accept-encoding/index.md +++ b/files/en-us/web/http/headers/accept-encoding/index.md @@ -32,7 +32,7 @@ As long as the `identity;q=0` or `*;q=0` directives do not explicitly forbid the {{Glossary("Request header")}}, {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/accept-language/index.md b/files/en-us/web/http/headers/accept-language/index.md index 8e00f1d2b29ebf9..cc303e99c43b943 100644 --- a/files/en-us/web/http/headers/accept-language/index.md +++ b/files/en-us/web/http/headers/accept-language/index.md @@ -28,7 +28,7 @@ Servers often ignore the `Accept-Language` header in such cases and send a succe {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/accept-patch/index.md b/files/en-us/web/http/headers/accept-patch/index.md index a3f6de329914635..4a26a8c86d995e0 100644 --- a/files/en-us/web/http/headers/accept-patch/index.md +++ b/files/en-us/web/http/headers/accept-patch/index.md @@ -24,7 +24,7 @@ An `Accept-Patch` header in a response to any request method implicitly means th {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/accept-post/index.md b/files/en-us/web/http/headers/accept-post/index.md index 098de6e19553dc5..3f01dc52c930f8f 100644 --- a/files/en-us/web/http/headers/accept-post/index.md +++ b/files/en-us/web/http/headers/accept-post/index.md @@ -24,7 +24,7 @@ An `Accept-Post` header in a response to any request method implicitly means tha {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/accept-ranges/index.md b/files/en-us/web/http/headers/accept-ranges/index.md index 27c29a231dbe999..03a357ea60f0f74 100644 --- a/files/en-us/web/http/headers/accept-ranges/index.md +++ b/files/en-us/web/http/headers/accept-ranges/index.md @@ -19,7 +19,7 @@ For example, a response with an `Accept-Ranges` header indicates that the server {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/accept/index.md b/files/en-us/web/http/headers/accept/index.md index 23aa6389a6cda48..6fb97b785cc5ea3 100644 --- a/files/en-us/web/http/headers/accept/index.md +++ b/files/en-us/web/http/headers/accept/index.md @@ -22,7 +22,7 @@ For example, a browser uses different values in a request when fetching a CSS st {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-allow-credentials/index.md b/files/en-us/web/http/headers/access-control-allow-credentials/index.md index 8427b3e899fff73..1879539c3b770b2 100644 --- a/files/en-us/web/http/headers/access-control-allow-credentials/index.md +++ b/files/en-us/web/http/headers/access-control-allow-credentials/index.md @@ -31,7 +31,7 @@ When credentials are included: {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-allow-headers/index.md b/files/en-us/web/http/headers/access-control-allow-headers/index.md index 011c92c05db0009..8daff6f3da9ed2c 100644 --- a/files/en-us/web/http/headers/access-control-allow-headers/index.md +++ b/files/en-us/web/http/headers/access-control-allow-headers/index.md @@ -20,7 +20,7 @@ This header is required if the preflight request contains {{HTTPHeader("Access-C {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-allow-methods/index.md b/files/en-us/web/http/headers/access-control-allow-methods/index.md index a42f0101d608a35..7b1b740efdb1d7a 100644 --- a/files/en-us/web/http/headers/access-control-allow-methods/index.md +++ b/files/en-us/web/http/headers/access-control-allow-methods/index.md @@ -16,7 +16,7 @@ The HTTP **`Access-Control-Allow-Methods`** {{Glossary("response header")}} spec {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-allow-origin/index.md b/files/en-us/web/http/headers/access-control-allow-origin/index.md index abf1e345a7ab87d..d18c27018a348e2 100644 --- a/files/en-us/web/http/headers/access-control-allow-origin/index.md +++ b/files/en-us/web/http/headers/access-control-allow-origin/index.md @@ -16,7 +16,7 @@ The HTTP **`Access-Control-Allow-Origin`** {{Glossary("response header")}} indic {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-expose-headers/index.md b/files/en-us/web/http/headers/access-control-expose-headers/index.md index 1049b68862f931a..b11e3998fdb0c38 100644 --- a/files/en-us/web/http/headers/access-control-expose-headers/index.md +++ b/files/en-us/web/http/headers/access-control-expose-headers/index.md @@ -18,7 +18,7 @@ Only the {{Glossary("CORS-safelisted response header", "CORS-safelisted response {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-max-age/index.md b/files/en-us/web/http/headers/access-control-max-age/index.md index b18f11712859037..7d209f9b91e60f1 100644 --- a/files/en-us/web/http/headers/access-control-max-age/index.md +++ b/files/en-us/web/http/headers/access-control-max-age/index.md @@ -16,7 +16,7 @@ The HTTP **`Access-Control-Max-Age`** {{Glossary("response header")}} indicates {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/access-control-request-headers/index.md b/files/en-us/web/http/headers/access-control-request-headers/index.md index 17dea1c8bbb352b..77898cf79072927 100644 --- a/files/en-us/web/http/headers/access-control-request-headers/index.md +++ b/files/en-us/web/http/headers/access-control-request-headers/index.md @@ -16,7 +16,7 @@ The HTTP **`Access-Control-Request-Headers`** {{Glossary("request header")}} is {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/access-control-request-method/index.md b/files/en-us/web/http/headers/access-control-request-method/index.md index 53fdaae80163f09..05f9995f6d5bd6c 100644 --- a/files/en-us/web/http/headers/access-control-request-method/index.md +++ b/files/en-us/web/http/headers/access-control-request-method/index.md @@ -17,7 +17,7 @@ This header is necessary because the preflight request is always an {{HTTPMethod {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/age/index.md b/files/en-us/web/http/headers/age/index.md index 152d95cd588cab5..9c680b93e5c01e9 100644 --- a/files/en-us/web/http/headers/age/index.md +++ b/files/en-us/web/http/headers/age/index.md @@ -19,7 +19,7 @@ If the value is `0`, the object was probably fetched from the origin server; oth {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/allow/index.md b/files/en-us/web/http/headers/allow/index.md index 0cc33bc1001c49a..9b2edc4627c64d2 100644 --- a/files/en-us/web/http/headers/allow/index.md +++ b/files/en-us/web/http/headers/allow/index.md @@ -18,7 +18,7 @@ An empty `Allow` value indicates that the resource allows no request methods, wh {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/alt-svc/index.md b/files/en-us/web/http/headers/alt-svc/index.md index d0ed2ed937d4f95..098b173ee265d6a 100644 --- a/files/en-us/web/http/headers/alt-svc/index.md +++ b/files/en-us/web/http/headers/alt-svc/index.md @@ -18,7 +18,7 @@ Doing so allows new protocol versions to be advertised without affecting in-flig {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/alt-used/index.md b/files/en-us/web/http/headers/alt-used/index.md index f3f4df46220b01d..c53fb5d669dfedd 100644 --- a/files/en-us/web/http/headers/alt-used/index.md +++ b/files/en-us/web/http/headers/alt-used/index.md @@ -20,7 +20,7 @@ When a client uses an alternative service for a request, it can indicate this to {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/attribution-reporting-eligible/index.md b/files/en-us/web/http/headers/attribution-reporting-eligible/index.md index c1dc5aa088bbe2f..0a439286b82a08b 100644 --- a/files/en-us/web/http/headers/attribution-reporting-eligible/index.md +++ b/files/en-us/web/http/headers/attribution-reporting-eligible/index.md @@ -22,7 +22,7 @@ See the [Attribution Reporting API](/en-US/docs/Web/API/Attribution_Reporting_AP {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/attribution-reporting-register-source/index.md b/files/en-us/web/http/headers/attribution-reporting-register-source/index.md index 8f864dc65a2d71c..fc299604676ce35 100644 --- a/files/en-us/web/http/headers/attribution-reporting-register-source/index.md +++ b/files/en-us/web/http/headers/attribution-reporting-register-source/index.md @@ -23,7 +23,7 @@ See the [Attribution Reporting API](/en-US/docs/Web/API/Attribution_Reporting_AP {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/attribution-reporting-register-trigger/index.md b/files/en-us/web/http/headers/attribution-reporting-register-trigger/index.md index 1065b2c5fab1dfe..d75d6e1039a256b 100644 --- a/files/en-us/web/http/headers/attribution-reporting-register-trigger/index.md +++ b/files/en-us/web/http/headers/attribution-reporting-register-trigger/index.md @@ -23,7 +23,7 @@ See the [Attribution Reporting API](/en-US/docs/Web/API/Attribution_Reporting_AP {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/authorization/index.md b/files/en-us/web/http/headers/authorization/index.md index 553b0c68d71a267..34f30eda16a5cf5 100644 --- a/files/en-us/web/http/headers/authorization/index.md +++ b/files/en-us/web/http/headers/authorization/index.md @@ -27,7 +27,7 @@ This header is stripped from cross-origin redirects. {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/cache-control/index.md b/files/en-us/web/http/headers/cache-control/index.md index 0c7c90faa56a9a7..3278bc36bf1133d 100644 --- a/files/en-us/web/http/headers/cache-control/index.md +++ b/files/en-us/web/http/headers/cache-control/index.md @@ -19,7 +19,7 @@ The HTTP **`Cache-Control`** header holds _directives_ (instructions) in both re - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/clear-site-data/index.md b/files/en-us/web/http/headers/clear-site-data/index.md index 32458a6dde0e893..ea80540ec68a4b2 100644 --- a/files/en-us/web/http/headers/clear-site-data/index.md +++ b/files/en-us/web/http/headers/clear-site-data/index.md @@ -17,7 +17,7 @@ It allows web developers to have more control over the data stored by browsers f {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/connection/index.md b/files/en-us/web/http/headers/connection/index.md index f803c8c88cf919d..c284d0224ac6719 100644 --- a/files/en-us/web/http/headers/connection/index.md +++ b/files/en-us/web/http/headers/connection/index.md @@ -38,7 +38,7 @@ Therefore, to ensure backwards compatibility, browsers often send `Connection: k - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/content-digest/index.md b/files/en-us/web/http/headers/content-digest/index.md index b64760b96e41160..58cc5b2d58b89ad 100644 --- a/files/en-us/web/http/headers/content-digest/index.md +++ b/files/en-us/web/http/headers/content-digest/index.md @@ -24,7 +24,7 @@ For this reason, a `Content-Digest` is identical to a {{HTTPHeader("Repr-Digest" {{Glossary("Request header")}}, {{Glossary("Response header")}}, {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-disposition/index.md b/files/en-us/web/http/headers/content-disposition/index.md index caa66b46a668919..21d53bbeec769e5 100644 --- a/files/en-us/web/http/headers/content-disposition/index.md +++ b/files/en-us/web/http/headers/content-disposition/index.md @@ -23,7 +23,7 @@ The `Content-Disposition` header is defined in the larger context of MIME messag - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-dpr/index.md b/files/en-us/web/http/headers/content-dpr/index.md index 9352450de93f897..9556855d6e6ff43 100644 --- a/files/en-us/web/http/headers/content-dpr/index.md +++ b/files/en-us/web/http/headers/content-dpr/index.md @@ -31,7 +31,7 @@ If the `Content-DPR` header appears more than once in a message, the last occurr - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-encoding/index.md b/files/en-us/web/http/headers/content-encoding/index.md index 8070fa0d875537c..448e2ea8bcd8301 100644 --- a/files/en-us/web/http/headers/content-encoding/index.md +++ b/files/en-us/web/http/headers/content-encoding/index.md @@ -25,7 +25,7 @@ Content encoding differs to {{HTTPHeader("Transfer-Encoding")}} in that `Transfe {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-language/index.md b/files/en-us/web/http/headers/content-language/index.md index 60636c46fcb7310..9aeb65e9898cdd5 100644 --- a/files/en-us/web/http/headers/content-language/index.md +++ b/files/en-us/web/http/headers/content-language/index.md @@ -20,7 +20,7 @@ If no `Content-Language` is specified, the default is that the content is intend {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-length/index.md b/files/en-us/web/http/headers/content-length/index.md index 2fd384883a2c159..ea64809275992ee 100644 --- a/files/en-us/web/http/headers/content-length/index.md +++ b/files/en-us/web/http/headers/content-length/index.md @@ -20,7 +20,7 @@ The HTTP **`Content-Length`** header indicates the size, in bytes, of the messag - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/content-location/index.md b/files/en-us/web/http/headers/content-location/index.md index 7d442ec89d02aad..aa8cda8c9b84f9e 100644 --- a/files/en-us/web/http/headers/content-location/index.md +++ b/files/en-us/web/http/headers/content-location/index.md @@ -21,7 +21,7 @@ The `Content-Location` header is different from the {{HTTPHeader("Location")}} h {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-range/index.md b/files/en-us/web/http/headers/content-range/index.md index 87a3aed71e3c5c4..71f5095ecc694f5 100644 --- a/files/en-us/web/http/headers/content-range/index.md +++ b/files/en-us/web/http/headers/content-range/index.md @@ -21,7 +21,7 @@ It should only be included in {{HTTPStatus("206", "206 Partial Content")}} or {{ - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-security-policy-report-only/index.md b/files/en-us/web/http/headers/content-security-policy-report-only/index.md index b8f3bf0fcebe0d0..4786babfc4afa65 100644 --- a/files/en-us/web/http/headers/content-security-policy-report-only/index.md +++ b/files/en-us/web/http/headers/content-security-policy-report-only/index.md @@ -27,7 +27,7 @@ For more information, see our [Content Security Policy (CSP)](/en-US/docs/Web/HT {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/content-security-policy/index.md b/files/en-us/web/http/headers/content-security-policy/index.md index 11ad628e70baeca..0299b46ca2899e2 100644 --- a/files/en-us/web/http/headers/content-security-policy/index.md +++ b/files/en-us/web/http/headers/content-security-policy/index.md @@ -20,7 +20,7 @@ See the [Content Security Policy (CSP)](/en-US/docs/Web/HTTP/CSP) guide for deta {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} no diff --git a/files/en-us/web/http/headers/content-type/index.md b/files/en-us/web/http/headers/content-type/index.md index 1d0ba55faa798b6..86d51775d33c697 100644 --- a/files/en-us/web/http/headers/content-type/index.md +++ b/files/en-us/web/http/headers/content-type/index.md @@ -27,7 +27,7 @@ The `Content-Type` header differs from {{HTTPHeader("Content-Encoding")}} in tha {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/cookie/index.md b/files/en-us/web/http/headers/cookie/index.md index 2c5e561db4ccd53..0c443edc87b07e6 100644 --- a/files/en-us/web/http/headers/cookie/index.md +++ b/files/en-us/web/http/headers/cookie/index.md @@ -18,7 +18,7 @@ The `Cookie` header is optional and may be omitted if, for example, the browser' {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/critical-ch/index.md b/files/en-us/web/http/headers/critical-ch/index.md index 396f9dd5b0d09c1..07e512c31852484 100644 --- a/files/en-us/web/http/headers/critical-ch/index.md +++ b/files/en-us/web/http/headers/critical-ch/index.md @@ -24,7 +24,7 @@ Each header listed in the `Critical-CH` header should also be present in the `Ac - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/cross-origin-opener-policy/index.md b/files/en-us/web/http/headers/cross-origin-opener-policy/index.md index 89ff173e09d1514..8aff741d6a149ab 100644 --- a/files/en-us/web/http/headers/cross-origin-opener-policy/index.md +++ b/files/en-us/web/http/headers/cross-origin-opener-policy/index.md @@ -24,7 +24,7 @@ The behaviour depends on the policies of both the new document and its opener, a {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/cross-origin-resource-policy/index.md b/files/en-us/web/http/headers/cross-origin-resource-policy/index.md index 0be780844172ab4..b2e81ac4b035f00 100644 --- a/files/en-us/web/http/headers/cross-origin-resource-policy/index.md +++ b/files/en-us/web/http/headers/cross-origin-resource-policy/index.md @@ -18,7 +18,7 @@ It specifies resource owner's policy for what sites/origins should be allowed to {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/date/index.md b/files/en-us/web/http/headers/date/index.md index 56ba3b807a7a96d..37774dc5e9a5ba4 100644 --- a/files/en-us/web/http/headers/date/index.md +++ b/files/en-us/web/http/headers/date/index.md @@ -19,7 +19,7 @@ The HTTP **`Date`** {{Glossary("request header", "request")}} and {{Glossary("re - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes @@ -67,7 +67,7 @@ Date: Tue, 29 Oct 2024 16:56:32 GMT ### Attempting to set the field value in JavaScript -The `Date` header is a {{Glossary("forbidden header name")}}, so this code cannot set the message `Date` field: +The `Date` header is a {{Glossary("Forbidden request header")}}, so this code cannot set the message `Date` field: ```js example-bad fetch("https://httpbin.org/get", { diff --git a/files/en-us/web/http/headers/device-memory/index.md b/files/en-us/web/http/headers/device-memory/index.md index 27a3ebea47b26ad..7bab29975fd67e9 100644 --- a/files/en-us/web/http/headers/device-memory/index.md +++ b/files/en-us/web/http/headers/device-memory/index.md @@ -24,7 +24,7 @@ Servers that opt in to the `Device-Memory` client hint will typically also speci - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/dnt/index.md b/files/en-us/web/http/headers/dnt/index.md index f366494bb2deef5..ff1354614d207ea 100644 --- a/files/en-us/web/http/headers/dnt/index.md +++ b/files/en-us/web/http/headers/dnt/index.md @@ -25,7 +25,7 @@ DNT is deprecated in favor of [Global Privacy Control](https://globalprivacycont {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/downlink/index.md b/files/en-us/web/http/headers/downlink/index.md index 5b1170655a49fb6..e31ad321b34e82b 100644 --- a/files/en-us/web/http/headers/downlink/index.md +++ b/files/en-us/web/http/headers/downlink/index.md @@ -28,7 +28,7 @@ For example, a server might choose to send smaller versions of images and other - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/dpr/index.md b/files/en-us/web/http/headers/dpr/index.md index a860ad2e3e0cfb4..4a73bb4ec1d224f 100644 --- a/files/en-us/web/http/headers/dpr/index.md +++ b/files/en-us/web/http/headers/dpr/index.md @@ -36,7 +36,7 @@ Servers that opt in to the `DPR` client hint will typically also specify it in t - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/early-data/index.md b/files/en-us/web/http/headers/early-data/index.md index a6d42d62973fdb4..14c55bcd0e4853a 100644 --- a/files/en-us/web/http/headers/early-data/index.md +++ b/files/en-us/web/http/headers/early-data/index.md @@ -23,7 +23,7 @@ The `Early-Data` header is **not** set by the originator of the request (i.e., a {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/ect/index.md b/files/en-us/web/http/headers/ect/index.md index 1034ec91be954ea..356de35d4c1fb34 100644 --- a/files/en-us/web/http/headers/ect/index.md +++ b/files/en-us/web/http/headers/ect/index.md @@ -29,7 +29,7 @@ The hint allows a server to choose what information is sent based on the broad c - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/etag/index.md b/files/en-us/web/http/headers/etag/index.md index 96a409478ae7970..dd20d729db79ea7 100644 --- a/files/en-us/web/http/headers/etag/index.md +++ b/files/en-us/web/http/headers/etag/index.md @@ -21,7 +21,7 @@ A comparison of them can determine whether two representations of a resource are {{Glossary("Response header")}}, {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/expect-ct/index.md b/files/en-us/web/http/headers/expect-ct/index.md index 2f827e5e70c4985..a5ec54317043d47 100644 --- a/files/en-us/web/http/headers/expect-ct/index.md +++ b/files/en-us/web/http/headers/expect-ct/index.md @@ -40,7 +40,7 @@ CT requirements can be satisfied via any one of the following mechanisms: {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/expect/index.md b/files/en-us/web/http/headers/expect/index.md index 13bfbb99b2c9570..0a47c0a3828ac40 100644 --- a/files/en-us/web/http/headers/expect/index.md +++ b/files/en-us/web/http/headers/expect/index.md @@ -23,7 +23,7 @@ None of the more common browsers send the `Expect` header, but some clients (com {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/expires/index.md b/files/en-us/web/http/headers/expires/index.md index 6d3f995b14119cc..8a838809732a6dd 100644 --- a/files/en-us/web/http/headers/expires/index.md +++ b/files/en-us/web/http/headers/expires/index.md @@ -21,7 +21,7 @@ The value `0` is used to represent a date in the past, indicating the resource h {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/forwarded/index.md b/files/en-us/web/http/headers/forwarded/index.md index 54cfbe9fc55a142..edc34bf6578b514 100644 --- a/files/en-us/web/http/headers/forwarded/index.md +++ b/files/en-us/web/http/headers/forwarded/index.md @@ -25,7 +25,7 @@ The alternative and de-facto standard versions of this header are the {{HTTPHead {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/from/index.md b/files/en-us/web/http/headers/from/index.md index afc7dcdd0284b74..3d345b176382bbe 100644 --- a/files/en-us/web/http/headers/from/index.md +++ b/files/en-us/web/http/headers/from/index.md @@ -21,7 +21,7 @@ If you are running a robotic user agent (a web crawler, for example), the `From` {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/host/index.md b/files/en-us/web/http/headers/host/index.md index 92a84b6bf0080ba..ff085573a27cd50 100644 --- a/files/en-us/web/http/headers/host/index.md +++ b/files/en-us/web/http/headers/host/index.md @@ -21,7 +21,7 @@ A {{HTTPStatus("400", "400 Bad Request")}} status code may be sent to any HTTP/1 {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/if-match/index.md b/files/en-us/web/http/headers/if-match/index.md index 41d3a40e3ac9e69..37ba67fd49a97c5 100644 --- a/files/en-us/web/http/headers/if-match/index.md +++ b/files/en-us/web/http/headers/if-match/index.md @@ -28,7 +28,7 @@ There are two common use cases: {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/if-modified-since/index.md b/files/en-us/web/http/headers/if-modified-since/index.md index 25fe771316f08d2..e620d496bd6a553 100644 --- a/files/en-us/web/http/headers/if-modified-since/index.md +++ b/files/en-us/web/http/headers/if-modified-since/index.md @@ -23,7 +23,7 @@ The most common use case is to update a cached entity that has no associated {{H {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/if-none-match/index.md b/files/en-us/web/http/headers/if-none-match/index.md index 058ab90a9f9e99a..26aa6966aa485c9 100644 --- a/files/en-us/web/http/headers/if-none-match/index.md +++ b/files/en-us/web/http/headers/if-none-match/index.md @@ -31,7 +31,7 @@ There are two common cases for using `If-None-Match` in requests: {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/if-range/index.md b/files/en-us/web/http/headers/if-range/index.md index 876f8e6cfdc9412..c2dc74a17c23aa4 100644 --- a/files/en-us/web/http/headers/if-range/index.md +++ b/files/en-us/web/http/headers/if-range/index.md @@ -22,7 +22,7 @@ The most common use case is to resume a download with guarantees that the resour {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/if-unmodified-since/index.md b/files/en-us/web/http/headers/if-unmodified-since/index.md index 5ac6a3661f4dd5b..f4468442478a342 100644 --- a/files/en-us/web/http/headers/if-unmodified-since/index.md +++ b/files/en-us/web/http/headers/if-unmodified-since/index.md @@ -23,7 +23,7 @@ The `If-Unmodified-Since` header is commonly used in the following situations: {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/keep-alive/index.md b/files/en-us/web/http/headers/keep-alive/index.md index 7447bcc43aa88a1..196de841cc2d793 100644 --- a/files/en-us/web/http/headers/keep-alive/index.md +++ b/files/en-us/web/http/headers/keep-alive/index.md @@ -30,7 +30,7 @@ Additional parameters for the connection can be requested with the `Keep-Alive` - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/last-modified/index.md b/files/en-us/web/http/headers/last-modified/index.md index def5baa26a62087..5340616cc07a86a 100644 --- a/files/en-us/web/http/headers/last-modified/index.md +++ b/files/en-us/web/http/headers/last-modified/index.md @@ -20,7 +20,7 @@ It is less accurate than an {{HTTPHeader("ETag")}} for determining file contents {{glossary("Response header")}}, {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/link/index.md b/files/en-us/web/http/headers/link/index.md index 914b38776333644..6793198e71ee904 100644 --- a/files/en-us/web/http/headers/link/index.md +++ b/files/en-us/web/http/headers/link/index.md @@ -25,7 +25,7 @@ The only relations that work reliably are [`preconnect`](/en-US/docs/Web/HTML/At - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/location/index.md b/files/en-us/web/http/headers/location/index.md index 7946ca0acb84d42..c28f70c7afa0c6b 100644 --- a/files/en-us/web/http/headers/location/index.md +++ b/files/en-us/web/http/headers/location/index.md @@ -31,7 +31,7 @@ In cases of resource creation, it indicates the URL of the newly-created resourc {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/max-forwards/index.md b/files/en-us/web/http/headers/max-forwards/index.md index 61eec7739c88ff1..23227539e7042aa 100644 --- a/files/en-us/web/http/headers/max-forwards/index.md +++ b/files/en-us/web/http/headers/max-forwards/index.md @@ -22,7 +22,7 @@ If the `Max-Forwards` header is not present in a `TRACE` request, a node will as {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/nel/index.md b/files/en-us/web/http/headers/nel/index.md index ab6f40c87aa852d..7f94b915750d432 100644 --- a/files/en-us/web/http/headers/nel/index.md +++ b/files/en-us/web/http/headers/nel/index.md @@ -18,7 +18,7 @@ The HTTP **`NEL`** {{Glossary("response header")}} is used to configure network {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/no-vary-search/index.md b/files/en-us/web/http/headers/no-vary-search/index.md index 44e2e1eccb2c407..2a3eb9def933e1a 100644 --- a/files/en-us/web/http/headers/no-vary-search/index.md +++ b/files/en-us/web/http/headers/no-vary-search/index.md @@ -21,7 +21,7 @@ This allows the browser to reuse existing resources despite mismatching URL para {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/observe-browsing-topics/index.md b/files/en-us/web/http/headers/observe-browsing-topics/index.md index fee192cc3d61c2c..27576f35f292a41 100644 --- a/files/en-us/web/http/headers/observe-browsing-topics/index.md +++ b/files/en-us/web/http/headers/observe-browsing-topics/index.md @@ -27,7 +27,7 @@ See [Using the Topics API](/en-US/docs/Web/API/Topics_API/Using) for more detail - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/origin-agent-cluster/index.md b/files/en-us/web/http/headers/origin-agent-cluster/index.md index c640dd032c21fc0..11ef7e45956b204 100644 --- a/files/en-us/web/http/headers/origin-agent-cluster/index.md +++ b/files/en-us/web/http/headers/origin-agent-cluster/index.md @@ -20,7 +20,7 @@ The effect of this is that a resource-intensive document will be less likely to {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/origin/index.md b/files/en-us/web/http/headers/origin/index.md index 3c7aaad3b6a8510..321335aa504f9e9 100644 --- a/files/en-us/web/http/headers/origin/index.md +++ b/files/en-us/web/http/headers/origin/index.md @@ -17,7 +17,7 @@ For example, if a user agent needs to request resources included in a page, or f {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/permissions-policy/index.md b/files/en-us/web/http/headers/permissions-policy/index.md index 874111d928e8396..71452013c0138dc 100644 --- a/files/en-us/web/http/headers/permissions-policy/index.md +++ b/files/en-us/web/http/headers/permissions-policy/index.md @@ -20,7 +20,7 @@ For more information, see the main [Permissions Policy](/en-US/docs/Web/HTTP/Per {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} yes diff --git a/files/en-us/web/http/headers/pragma/index.md b/files/en-us/web/http/headers/pragma/index.md index b2d0017bc1549bf..a22efad2ec04efb 100644 --- a/files/en-us/web/http/headers/pragma/index.md +++ b/files/en-us/web/http/headers/pragma/index.md @@ -26,7 +26,7 @@ This header serves for backwards compatibility with HTTP/1.0 caches that do not - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/priority/index.md b/files/en-us/web/http/headers/priority/index.md index a70753153049e72..3c6461b47f77ad7 100644 --- a/files/en-us/web/http/headers/priority/index.md +++ b/files/en-us/web/http/headers/priority/index.md @@ -33,7 +33,7 @@ This request may be cached, and the server is expected to control the cacheabili - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/proxy-authenticate/index.md b/files/en-us/web/http/headers/proxy-authenticate/index.md index 8bdfe7ee2a52ce4..56ca8a795c71558 100644 --- a/files/en-us/web/http/headers/proxy-authenticate/index.md +++ b/files/en-us/web/http/headers/proxy-authenticate/index.md @@ -17,7 +17,7 @@ It is sent in a {{HTTPStatus("407", "407 Proxy Authentication Required")}} respo {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/proxy-authorization/index.md b/files/en-us/web/http/headers/proxy-authorization/index.md index 8c2bde547eb6f40..dff0dbd3ffc9c6c 100644 --- a/files/en-us/web/http/headers/proxy-authorization/index.md +++ b/files/en-us/web/http/headers/proxy-authorization/index.md @@ -16,7 +16,7 @@ The HTTP **`Proxy-Authorization`** {{Glossary("request header")}} contains the c {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/range/index.md b/files/en-us/web/http/headers/range/index.md index 0aa40362beef98e..506d7aa39956cd3 100644 --- a/files/en-us/web/http/headers/range/index.md +++ b/files/en-us/web/http/headers/range/index.md @@ -27,7 +27,7 @@ The header is a [CORS-safelisted request header](/en-US/docs/Glossary/CORS-safel {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/referer/index.md b/files/en-us/web/http/headers/referer/index.md index b96fe5a5a549ac6..a14693fa4257690 100644 --- a/files/en-us/web/http/headers/referer/index.md +++ b/files/en-us/web/http/headers/referer/index.md @@ -34,7 +34,7 @@ The `Referer` should also be sent in requests following a {{httpheader("Refresh" {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/referrer-policy/index.md b/files/en-us/web/http/headers/referrer-policy/index.md index 1ebdd401ea7b926..1e131d6dc278fda 100644 --- a/files/en-us/web/http/headers/referrer-policy/index.md +++ b/files/en-us/web/http/headers/referrer-policy/index.md @@ -17,7 +17,7 @@ Aside from the HTTP header, you can [set this policy in HTML](#integration_with_ {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/refresh/index.md b/files/en-us/web/http/headers/refresh/index.md index 371a0447f0f0745..38f86041f84978e 100644 --- a/files/en-us/web/http/headers/refresh/index.md +++ b/files/en-us/web/http/headers/refresh/index.md @@ -23,7 +23,7 @@ It is exactly equivalent to using [``]( {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/report-to/index.md b/files/en-us/web/http/headers/report-to/index.md index 0a0d8c13d5ec20d..79eb678c43fd225 100644 --- a/files/en-us/web/http/headers/report-to/index.md +++ b/files/en-us/web/http/headers/report-to/index.md @@ -26,7 +26,7 @@ For example, the {{HTTPHeader("Content-Security-Policy")}} header {{CSP("report- {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/reporting-endpoints/index.md b/files/en-us/web/http/headers/reporting-endpoints/index.md index baa9102b4f9312b..b342310dc85447d 100644 --- a/files/en-us/web/http/headers/reporting-endpoints/index.md +++ b/files/en-us/web/http/headers/reporting-endpoints/index.md @@ -26,7 +26,7 @@ For more details on setting up CSP reporting, see the [Content Security Policy ( {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/repr-digest/index.md b/files/en-us/web/http/headers/repr-digest/index.md index 8da7a683fc08556..5a4b40cfab06095 100644 --- a/files/en-us/web/http/headers/repr-digest/index.md +++ b/files/en-us/web/http/headers/repr-digest/index.md @@ -23,7 +23,7 @@ A {{HTTPHeader("Content-Digest")}} applies to the content of a specific message, {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/retry-after/index.md b/files/en-us/web/http/headers/retry-after/index.md index 8d6c544dcaa83af..d09ecdc18d8cf5c 100644 --- a/files/en-us/web/http/headers/retry-after/index.md +++ b/files/en-us/web/http/headers/retry-after/index.md @@ -21,7 +21,7 @@ There are three main cases this header is used: {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/rtt/index.md b/files/en-us/web/http/headers/rtt/index.md index d2b01daf4f3f953..44f8308d587f228 100644 --- a/files/en-us/web/http/headers/rtt/index.md +++ b/files/en-us/web/http/headers/rtt/index.md @@ -29,7 +29,7 @@ The hint allows a server to choose what information is sent based on the network - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/save-data/index.md b/files/en-us/web/http/headers/save-data/index.md index 76f8757dde360f3..589f5e59ce5874d 100644 --- a/files/en-us/web/http/headers/save-data/index.md +++ b/files/en-us/web/http/headers/save-data/index.md @@ -32,7 +32,7 @@ When communicated to origins, this allows them to deliver alternative content to - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/sec-browsing-topics/index.md b/files/en-us/web/http/headers/sec-browsing-topics/index.md index 6bb3c7dc70deced..63392682ba373dd 100644 --- a/files/en-us/web/http/headers/sec-browsing-topics/index.md +++ b/files/en-us/web/http/headers/sec-browsing-topics/index.md @@ -29,7 +29,7 @@ See [Using the Topics API](/en-US/docs/Web/API/Topics_API/Using) for more detail {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-prefers-color-scheme/index.md b/files/en-us/web/http/headers/sec-ch-prefers-color-scheme/index.md index 7e845492ce26890..03e3e22f5e69636 100644 --- a/files/en-us/web/http/headers/sec-ch-prefers-color-scheme/index.md +++ b/files/en-us/web/http/headers/sec-ch-prefers-color-scheme/index.md @@ -26,7 +26,7 @@ This header is modeled on the {{cssxref("@media/prefers-color-scheme", "prefers- - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-prefers-reduced-motion/index.md b/files/en-us/web/http/headers/sec-ch-prefers-reduced-motion/index.md index 76ba7862929f956..6c2b4f3b2e346e0 100644 --- a/files/en-us/web/http/headers/sec-ch-prefers-reduced-motion/index.md +++ b/files/en-us/web/http/headers/sec-ch-prefers-reduced-motion/index.md @@ -25,7 +25,7 @@ This header is modeled on the {{cssxref("@media/prefers-reduced-motion", "prefer - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-prefers-reduced-transparency/index.md b/files/en-us/web/http/headers/sec-ch-prefers-reduced-transparency/index.md index 485065b1e5fe1e9..0e617f4d77e2a96 100644 --- a/files/en-us/web/http/headers/sec-ch-prefers-reduced-transparency/index.md +++ b/files/en-us/web/http/headers/sec-ch-prefers-reduced-transparency/index.md @@ -25,7 +25,7 @@ This header is modeled on the {{cssxref("@media/prefers-reduced-transparency", " - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-arch/index.md b/files/en-us/web/http/headers/sec-ch-ua-arch/index.md index 52e0f6830128fe7..18cde25a5cabb35 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-arch/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-arch/index.md @@ -23,7 +23,7 @@ This might be used by a server, for example, to select and offer the correct bin - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-bitness/index.md b/files/en-us/web/http/headers/sec-ch-ua-bitness/index.md index 73ae8f87b1fbc19..c8ed149158530d6 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-bitness/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-bitness/index.md @@ -24,7 +24,7 @@ This might be used by a server, for example, to select and offer the correct bin - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-form-factors/index.md b/files/en-us/web/http/headers/sec-ch-ua-form-factors/index.md index 24ed860ca31fac1..bdf7381baad5997 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-form-factors/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-form-factors/index.md @@ -21,7 +21,7 @@ The HTTP **`Sec-CH-UA-Form-Factors`** {{Glossary("request header")}} is a [user - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-full-version-list/index.md b/files/en-us/web/http/headers/sec-ch-ua-full-version-list/index.md index 7980e1a2598c134..dee2cc0004bbb52 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-full-version-list/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-full-version-list/index.md @@ -29,7 +29,7 @@ This is a feature designed to prevent servers from rejecting unknown user agents - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-full-version/index.md b/files/en-us/web/http/headers/sec-ch-ua-full-version/index.md index aad4e8ec214dff0..fbc3c24faf2e34a 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-full-version/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-full-version/index.md @@ -24,7 +24,7 @@ The HTTP **`Sec-CH-UA-Full-Version`** {{Glossary("request header")}} is a [user - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-mobile/index.md b/files/en-us/web/http/headers/sec-ch-ua-mobile/index.md index ffd70cb24d5e887..b5fc48f9154da41 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-mobile/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-mobile/index.md @@ -25,7 +25,7 @@ Unless blocked by a user agent permission policy, it is sent by default, without - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-model/index.md b/files/en-us/web/http/headers/sec-ch-ua-model/index.md index da9f824b59cc426..ef1116234e3e753 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-model/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-model/index.md @@ -21,7 +21,7 @@ The HTTP **`Sec-CH-UA-Model`** {{Glossary("request header")}} is a [user agent c - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-platform-version/index.md b/files/en-us/web/http/headers/sec-ch-ua-platform-version/index.md index 2e09ba39d8bb652..1f490e6f4dfc1fd 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-platform-version/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-platform-version/index.md @@ -21,7 +21,7 @@ The HTTP **`Sec-CH-UA-Platform-Version`** {{Glossary("request header")}} is a [u - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-platform/index.md b/files/en-us/web/http/headers/sec-ch-ua-platform/index.md index ec8b0fd18f3527b..7e4eede027ab82e 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-platform/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-platform/index.md @@ -25,7 +25,7 @@ Unless blocked by a user agent permission policy, it is sent by default (without - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua-wow64/index.md b/files/en-us/web/http/headers/sec-ch-ua-wow64/index.md index e716bbcb60b0836..e427cc23ef942c8 100644 --- a/files/en-us/web/http/headers/sec-ch-ua-wow64/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua-wow64/index.md @@ -24,7 +24,7 @@ This client hint header is used for backwards compatibility considerations, to p - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-ch-ua/index.md b/files/en-us/web/http/headers/sec-ch-ua/index.md index 024647e687f5c8a..3aa6b5013a9a1eb 100644 --- a/files/en-us/web/http/headers/sec-ch-ua/index.md +++ b/files/en-us/web/http/headers/sec-ch-ua/index.md @@ -33,7 +33,7 @@ This is a feature designed to prevent servers from rejecting unknown user agents - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-fetch-dest/index.md b/files/en-us/web/http/headers/sec-fetch-dest/index.md index c280f6f0ccb960f..0cce35f8f95d81a 100644 --- a/files/en-us/web/http/headers/sec-fetch-dest/index.md +++ b/files/en-us/web/http/headers/sec-fetch-dest/index.md @@ -19,7 +19,7 @@ This allows servers to determine whether to service a request based on whether i {{Glossary("Fetch Metadata Request Header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-fetch-mode/index.md b/files/en-us/web/http/headers/sec-fetch-mode/index.md index 911b1566998f9cd..2e849a4e13b3f8f 100644 --- a/files/en-us/web/http/headers/sec-fetch-mode/index.md +++ b/files/en-us/web/http/headers/sec-fetch-mode/index.md @@ -19,7 +19,7 @@ For example, this header would contain `navigate` for top level navigation reque {{Glossary("Fetch Metadata Request Header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-fetch-site/index.md b/files/en-us/web/http/headers/sec-fetch-site/index.md index b588a5e634a95eb..0a2978fcbcd644a 100644 --- a/files/en-us/web/http/headers/sec-fetch-site/index.md +++ b/files/en-us/web/http/headers/sec-fetch-site/index.md @@ -20,7 +20,7 @@ Same-origin requests would usually be allowed by default, but what happens for r {{Glossary("Fetch Metadata Request Header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-fetch-user/index.md b/files/en-us/web/http/headers/sec-fetch-user/index.md index 4e294e55e1dd702..5c403c0d2e2e7d3 100644 --- a/files/en-us/web/http/headers/sec-fetch-user/index.md +++ b/files/en-us/web/http/headers/sec-fetch-user/index.md @@ -18,7 +18,7 @@ A server can use this header to identify whether a navigation request from a doc {{Glossary("Fetch Metadata Request Header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-gpc/index.md b/files/en-us/web/http/headers/sec-gpc/index.md index f30e9f38045c883..d789eaa185c8a5f 100644 --- a/files/en-us/web/http/headers/sec-gpc/index.md +++ b/files/en-us/web/http/headers/sec-gpc/index.md @@ -21,7 +21,7 @@ The specification does not define how the user can withdraw or grant consent for {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-purpose/index.md b/files/en-us/web/http/headers/sec-purpose/index.md index 204e827fab02658..35c723d465e92c2 100644 --- a/files/en-us/web/http/headers/sec-purpose/index.md +++ b/files/en-us/web/http/headers/sec-purpose/index.md @@ -22,7 +22,7 @@ Note that if this header is set then a {{HTTPHeader("Sec-Fetch-Dest")}} header i {{Glossary("Fetch Metadata Request Header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-websocket-accept/index.md b/files/en-us/web/http/headers/sec-websocket-accept/index.md index 843f4db9290adac..9447ed17936a334 100644 --- a/files/en-us/web/http/headers/sec-websocket-accept/index.md +++ b/files/en-us/web/http/headers/sec-websocket-accept/index.md @@ -19,7 +19,7 @@ This header must appear no more than once in the response, and has a directive v {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-websocket-extensions/index.md b/files/en-us/web/http/headers/sec-websocket-extensions/index.md index e5465b951441675..913bdd43de391c5 100644 --- a/files/en-us/web/http/headers/sec-websocket-extensions/index.md +++ b/files/en-us/web/http/headers/sec-websocket-extensions/index.md @@ -25,7 +25,7 @@ The request header is automatically added by the browser based on its own capabi {{Glossary("Request header")}}, {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-websocket-key/index.md b/files/en-us/web/http/headers/sec-websocket-key/index.md index 99b6201c96a2935..64f84cc6289705e 100644 --- a/files/en-us/web/http/headers/sec-websocket-key/index.md +++ b/files/en-us/web/http/headers/sec-websocket-key/index.md @@ -25,7 +25,7 @@ The user agent can then validate this before this before confirming the connecti {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-websocket-protocol/index.md b/files/en-us/web/http/headers/sec-websocket-protocol/index.md index 7a09df47afdffb9..b85a5469fd818a4 100644 --- a/files/en-us/web/http/headers/sec-websocket-protocol/index.md +++ b/files/en-us/web/http/headers/sec-websocket-protocol/index.md @@ -27,7 +27,7 @@ The sub-protocol selected by the server is made available to the web application {{Glossary("Request header")}}, {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/sec-websocket-version/index.md b/files/en-us/web/http/headers/sec-websocket-version/index.md index cf78bccdea7ca73..2e73438e9b9cee6 100644 --- a/files/en-us/web/http/headers/sec-websocket-version/index.md +++ b/files/en-us/web/http/headers/sec-websocket-version/index.md @@ -28,7 +28,7 @@ The header should not be sent in responses if the server understands the version {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes (Sec- prefix) diff --git a/files/en-us/web/http/headers/server-timing/index.md b/files/en-us/web/http/headers/server-timing/index.md index 92349e3a43639d4..4221104b2ff97bb 100644 --- a/files/en-us/web/http/headers/server-timing/index.md +++ b/files/en-us/web/http/headers/server-timing/index.md @@ -17,7 +17,7 @@ It is used to surface backend server timing metrics (for example, database read/ {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/server/index.md b/files/en-us/web/http/headers/server/index.md index b1b1e2240a8849e..4e139feb0fbb8d5 100644 --- a/files/en-us/web/http/headers/server/index.md +++ b/files/en-us/web/http/headers/server/index.md @@ -26,7 +26,7 @@ In general, a more robust approach to server security is to ensure software is r {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/service-worker-allowed/index.md b/files/en-us/web/http/headers/service-worker-allowed/index.md index 322917800a37ce2..a9614d75341da8f 100644 --- a/files/en-us/web/http/headers/service-worker-allowed/index.md +++ b/files/en-us/web/http/headers/service-worker-allowed/index.md @@ -22,7 +22,7 @@ A service worker intercepts all network requests within its scope, so you should {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/service-worker-navigation-preload/index.md b/files/en-us/web/http/headers/service-worker-navigation-preload/index.md index 729fa7fb77b3a7c..6aae5fb82b252d3 100644 --- a/files/en-us/web/http/headers/service-worker-navigation-preload/index.md +++ b/files/en-us/web/http/headers/service-worker-navigation-preload/index.md @@ -21,7 +21,7 @@ For more information see {{domxref("NavigationPreloadManager.setHeaderValue()")} {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/service-worker/index.md b/files/en-us/web/http/headers/service-worker/index.md index b003a7bc97ed4d3..05a6d8ae6f765b7 100644 --- a/files/en-us/web/http/headers/service-worker/index.md +++ b/files/en-us/web/http/headers/service-worker/index.md @@ -17,7 +17,7 @@ This header helps administrators log service worker script requests for monitori {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index 9e2e831f026ae0e..a7dbd866cf00ba8 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -24,7 +24,7 @@ For more information, see the guide on [Using HTTP cookies](/en-US/docs/Web/HTTP {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/set-login/index.md b/files/en-us/web/http/headers/set-login/index.md index 3f3385a398e0780..723ad9a59dc4060 100644 --- a/files/en-us/web/http/headers/set-login/index.md +++ b/files/en-us/web/http/headers/set-login/index.md @@ -25,7 +25,7 @@ See [Update login status using the Login Status API](/en-US/docs/Web/API/FedCM_A {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/sourcemap/index.md b/files/en-us/web/http/headers/sourcemap/index.md index 876f7fb2c8f7698..0617bc105598c1c 100644 --- a/files/en-us/web/http/headers/sourcemap/index.md +++ b/files/en-us/web/http/headers/sourcemap/index.md @@ -18,7 +18,7 @@ The HTTP `SourceMap` header has precedence over a source annotation (`sourceMapp {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/speculation-rules/index.md b/files/en-us/web/http/headers/speculation-rules/index.md index 333054dfee26001..93abd658890636f 100644 --- a/files/en-us/web/http/headers/speculation-rules/index.md +++ b/files/en-us/web/http/headers/speculation-rules/index.md @@ -23,7 +23,7 @@ The resource file containing the speculation rules JSON can have any valid name {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/strict-transport-security/index.md b/files/en-us/web/http/headers/strict-transport-security/index.md index be7767bfbaa2b3b..638b589ef7ca7ed 100644 --- a/files/en-us/web/http/headers/strict-transport-security/index.md +++ b/files/en-us/web/http/headers/strict-transport-security/index.md @@ -19,7 +19,7 @@ The HTTP **`Strict-Transport-Security`** {{Glossary("response header")}} (often {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/supports-loading-mode/index.md b/files/en-us/web/http/headers/supports-loading-mode/index.md index 4542398747b9748..6f1440ae1aacdbd 100644 --- a/files/en-us/web/http/headers/supports-loading-mode/index.md +++ b/files/en-us/web/http/headers/supports-loading-mode/index.md @@ -18,7 +18,7 @@ The HTTP **`Supports-Loading-Mode`** {{Glossary("response header")}} allows a re {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/te/index.md b/files/en-us/web/http/headers/te/index.md index ca1ca5eb7bd2854..9721524a4ae6411 100644 --- a/files/en-us/web/http/headers/te/index.md +++ b/files/en-us/web/http/headers/te/index.md @@ -22,7 +22,7 @@ Transfer encodings are applied at the protocol layer, so an application consumin {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/timing-allow-origin/index.md b/files/en-us/web/http/headers/timing-allow-origin/index.md index 269f8c0da18b45c..cd603a7f61b7c0e 100644 --- a/files/en-us/web/http/headers/timing-allow-origin/index.md +++ b/files/en-us/web/http/headers/timing-allow-origin/index.md @@ -16,7 +16,7 @@ The HTTP **`Timing-Allow-Origin`** {{Glossary("response header")}} specifies ori {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/tk/index.md b/files/en-us/web/http/headers/tk/index.md index bb3c65f61d9e7dd..39d63040b6f3838 100644 --- a/files/en-us/web/http/headers/tk/index.md +++ b/files/en-us/web/http/headers/tk/index.md @@ -23,7 +23,7 @@ The HTTP **`Tk`** {{Glossary("response header")}} indicates the tracking status {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/trailer/index.md b/files/en-us/web/http/headers/trailer/index.md index aa3761ecbc514c8..a5364a862cc6b20 100644 --- a/files/en-us/web/http/headers/trailer/index.md +++ b/files/en-us/web/http/headers/trailer/index.md @@ -28,7 +28,7 @@ The HTTP **Trailer** {{glossary("request header", "request")}} and {{glossary("r - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/transfer-encoding/index.md b/files/en-us/web/http/headers/transfer-encoding/index.md index a36a6c9c864c02c..9c7681bcbcb4fee 100644 --- a/files/en-us/web/http/headers/transfer-encoding/index.md +++ b/files/en-us/web/http/headers/transfer-encoding/index.md @@ -29,7 +29,7 @@ When present on a response to a {{HTTPMethod("HEAD")}} request that has no body, - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/upgrade-insecure-requests/index.md b/files/en-us/web/http/headers/upgrade-insecure-requests/index.md index 57286974b2140aa..fd377f10fed7e55 100644 --- a/files/en-us/web/http/headers/upgrade-insecure-requests/index.md +++ b/files/en-us/web/http/headers/upgrade-insecure-requests/index.md @@ -16,7 +16,7 @@ The HTTP **`Upgrade-Insecure-Requests`** {{Glossary("request header")}} sends a {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/upgrade/index.md b/files/en-us/web/http/headers/upgrade/index.md index 8aea9507ba4f6b1..694e43ff9a197b8 100644 --- a/files/en-us/web/http/headers/upgrade/index.md +++ b/files/en-us/web/http/headers/upgrade/index.md @@ -23,7 +23,7 @@ For example, it can be used by a client to upgrade a connection from HTTP/1.1 to - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/user-agent/index.md b/files/en-us/web/http/headers/user-agent/index.md index 6bb931681725918..8b82bdcf47cb8a3 100644 --- a/files/en-us/web/http/headers/user-agent/index.md +++ b/files/en-us/web/http/headers/user-agent/index.md @@ -19,7 +19,7 @@ The HTTP **User-Agent** {{Glossary("request header")}} is a characteristic strin {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/vary/index.md b/files/en-us/web/http/headers/vary/index.md index e7a3217745ae0cd..9807e6b18bdad28 100644 --- a/files/en-us/web/http/headers/vary/index.md +++ b/files/en-us/web/http/headers/vary/index.md @@ -20,7 +20,7 @@ The same `Vary` header value should be used on all responses for a given URL, in {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/via/index.md b/files/en-us/web/http/headers/via/index.md index 548d407db295eb2..dc48213cc68e1d4 100644 --- a/files/en-us/web/http/headers/via/index.md +++ b/files/en-us/web/http/headers/via/index.md @@ -20,7 +20,7 @@ It is used for tracking message forwards, avoiding request loops, and identifyin - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} Yes diff --git a/files/en-us/web/http/headers/viewport-width/index.md b/files/en-us/web/http/headers/viewport-width/index.md index 5248070a26916d6..439737e8434becf 100644 --- a/files/en-us/web/http/headers/viewport-width/index.md +++ b/files/en-us/web/http/headers/viewport-width/index.md @@ -33,7 +33,7 @@ Servers that opt-in will typically also specify it in the {{HTTPHeader("Vary")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/want-content-digest/index.md b/files/en-us/web/http/headers/want-content-digest/index.md index 526a3781b6115d6..25aeb811c30a660 100644 --- a/files/en-us/web/http/headers/want-content-digest/index.md +++ b/files/en-us/web/http/headers/want-content-digest/index.md @@ -21,7 +21,7 @@ Some implementations may send unsolicited `Content-Digest` headers without requi {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/want-repr-digest/index.md b/files/en-us/web/http/headers/want-repr-digest/index.md index 2e062e80affa2bd..92d925190fcb3f1 100644 --- a/files/en-us/web/http/headers/want-repr-digest/index.md +++ b/files/en-us/web/http/headers/want-repr-digest/index.md @@ -21,7 +21,7 @@ Some implementations may send unsolicited `Repr-Digest` headers without requirin {{Glossary("Representation header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/warning/index.md b/files/en-us/web/http/headers/warning/index.md index 6ddc9b9006f6e8a..508c1e1d3c877b4 100644 --- a/files/en-us/web/http/headers/warning/index.md +++ b/files/en-us/web/http/headers/warning/index.md @@ -29,7 +29,7 @@ However, some warn-codes are specific to caches and can only be applied to respo - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/width/index.md b/files/en-us/web/http/headers/width/index.md index 98f93b155cbc034..a352d24c1a3258e 100644 --- a/files/en-us/web/http/headers/width/index.md +++ b/files/en-us/web/http/headers/width/index.md @@ -30,7 +30,7 @@ If the `Width` header appears more than once in a message the last occurrence is - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/www-authenticate/index.md b/files/en-us/web/http/headers/www-authenticate/index.md index aeb27cfbf0c1347..0710a8ffddc95a2 100644 --- a/files/en-us/web/http/headers/www-authenticate/index.md +++ b/files/en-us/web/http/headers/www-authenticate/index.md @@ -29,7 +29,7 @@ The client is expected to select the most secure of the challenges it understand {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-content-type-options/index.md b/files/en-us/web/http/headers/x-content-type-options/index.md index 195006cc52f36f6..95446ed225ac6d4 100644 --- a/files/en-us/web/http/headers/x-content-type-options/index.md +++ b/files/en-us/web/http/headers/x-content-type-options/index.md @@ -23,7 +23,7 @@ Site security testers usually expect this header to be set. {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-dns-prefetch-control/index.md b/files/en-us/web/http/headers/x-dns-prefetch-control/index.md index 842275b026fdbe0..8adbb2d22d50281 100644 --- a/files/en-us/web/http/headers/x-dns-prefetch-control/index.md +++ b/files/en-us/web/http/headers/x-dns-prefetch-control/index.md @@ -21,7 +21,7 @@ This reduces latency when the user clicks a link, for example. {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-forwarded-for/index.md b/files/en-us/web/http/headers/x-forwarded-for/index.md index a1b415f044a9b26..dfc94ba075f5690 100644 --- a/files/en-us/web/http/headers/x-forwarded-for/index.md +++ b/files/en-us/web/http/headers/x-forwarded-for/index.md @@ -23,7 +23,7 @@ A standardized version of this header is the HTTP {{HTTPHeader("Forwarded")}} he {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-forwarded-host/index.md b/files/en-us/web/http/headers/x-forwarded-host/index.md index ff489f387e251ea..bfbb69cc49b781d 100644 --- a/files/en-us/web/http/headers/x-forwarded-host/index.md +++ b/files/en-us/web/http/headers/x-forwarded-host/index.md @@ -21,7 +21,7 @@ A standardized version of this header is the HTTP {{HTTPHeader("Forwarded")}} he {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-forwarded-proto/index.md b/files/en-us/web/http/headers/x-forwarded-proto/index.md index 34f9c713d3bba89..71b58c3468e03cb 100644 --- a/files/en-us/web/http/headers/x-forwarded-proto/index.md +++ b/files/en-us/web/http/headers/x-forwarded-proto/index.md @@ -22,7 +22,7 @@ A standardized version of this header is the HTTP {{HTTPHeader("Forwarded")}} he {{Glossary("Request header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-frame-options/index.md b/files/en-us/web/http/headers/x-frame-options/index.md index e23946c527557e6..2a89e35285545d4 100644 --- a/files/en-us/web/http/headers/x-frame-options/index.md +++ b/files/en-us/web/http/headers/x-frame-options/index.md @@ -21,7 +21,7 @@ The added security is provided only if the user accessing the document is using {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-permitted-cross-domain-policies/index.md b/files/en-us/web/http/headers/x-permitted-cross-domain-policies/index.md index 121a09d5a2081fc..74e4b51dc69f9a2 100644 --- a/files/en-us/web/http/headers/x-permitted-cross-domain-policies/index.md +++ b/files/en-us/web/http/headers/x-permitted-cross-domain-policies/index.md @@ -22,7 +22,7 @@ Some security testing tools will still check for the presence of a `X-Permitted- {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-robots-tag/index.md b/files/en-us/web/http/headers/x-robots-tag/index.md index 029138228b3329f..87ec8735f4a31ea 100644 --- a/files/en-us/web/http/headers/x-robots-tag/index.md +++ b/files/en-us/web/http/headers/x-robots-tag/index.md @@ -26,7 +26,7 @@ Specifying indexing rules in a HTTP header is useful for non-HTML documents like {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No diff --git a/files/en-us/web/http/headers/x-xss-protection/index.md b/files/en-us/web/http/headers/x-xss-protection/index.md index be0563306510013..47c9a9a5af43dc2 100644 --- a/files/en-us/web/http/headers/x-xss-protection/index.md +++ b/files/en-us/web/http/headers/x-xss-protection/index.md @@ -26,7 +26,7 @@ It is recommended that you use [`Content-Security-Policy`](/en-US/docs/Web/HTTP/ {{Glossary("Response header")}} - {{Glossary("Forbidden header name")}} + {{Glossary("Forbidden request header")}} No