Headers: set() method
The set() method of the Headers interface sets a new value for an existing header inside a Headers object, or adds the header if it does not already exist.
The difference between set() and Headers.append is that if the specified header already exists and accepts multiple values, set() overwrites the existing value with the new one, whereas Headers.append appends the new value to the end of the set of values.
For security reasons, some headers can only be controlled by the user agent. These headers include the forbidden header names and forbidden response header names.
Syntax
Parameters
The name of the HTTP header you want to set to a new value. If the given name is not the name of an HTTP header, this method throws a TypeError .
The new value you want to set.
Return value
Examples
Creating an empty Headers object is simple:
const myHeaders = new Headers(); // Currently empty
You could add a header to this using Headers.append , then set a new value for this header using set() :
.append("Content-Type", "image/jpeg"); myHeaders.set("Content-Type", "text/html");
If the specified header does not already exist, set() will create it and set its value to the specified value. If the specified header does already exist and does accept multiple values, set() will overwrite the existing value with the new one:
.set("Accept-Encoding", "deflate"); myHeaders.set("Accept-Encoding", "gzip"); myHeaders.get("Accept-Encoding"); // Returns 'gzip'
You’d need Headers.append to append the new value onto the values, not overwrite it.
Specifications
Browser compatibility
BCD tables only load in the browser
See also
Found a content problem with this page?
This page was last modified on Jul 12, 2023 by MDN contributors.
Your blueprint for a better internet.
MDN
Support
Our communities
Developers
Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998– 2023 by individual mozilla.org contributors. Content available under a Creative Commons license.
How to set a Header field on POST a form?
However you may use for example jquery (although you can do it with plain javascript) to serialize the form and send (using AJAX) while adding your custom header.
Look at the jquery serialize which changes an HTML FORM into form-url-encoded values ready for POST.
UPDATE
My suggestion is to include either
I can’t use ajax in this case. Somehow, I’m Post and Redirect to a aspx page. Redirection is happen by From Post.
Yes you can serialize files into Base64 strings, perhaps very clumsy for huge files since Base64 can be quite bulky. But so is every serialization method.
I’d just add it as a query string param & have your server check to see if a header or query string exists and has the token.
Set a cookie value on the page, and then read it back server side.
You won’t be able to set a specific header, but the value will be accessible in the headers section and not the content body.
Note: If the header you want to add is for CSRF protection, make sure you do not store that token in a cookie, or you’ll defeat the CSRF protection.
XMLHttpRequest Level 2 adds support for the new FormData interface. FormData objects provide a way to easily construct a set of key/value pairs representing form fields and their values, which can then be easily sent using the XMLHttpRequest send() method.
With an XMLHttpRequest you can set the custom headers and then do the POST .
In fact a better way to do it to save a cookie on the client side. Then the cookie is automatically sent with every page header for that particular domain.
In node-js, you can set up and use cookies with cookie-parser.
Note that httpOnly:true ensures that the cookie is usually not accessible manually or through javascript and only browser can access it. If you want to send some headers or security tokens with a form post, and not through ajax, in most situation this can be considered a secure way. Although make sure that the data is sent over secure protocol /ssl if you are storing some sensitive user related info which is usually the case.