hoppscotch/helpers/headers.js

export const commonHeaders = [
  "WWW-Authenticate",
  "Authorization",
  "Proxy-Authenticate",
  "Proxy-Authorization",
  "Age",
  "Cache-Control",
  "Clear-Site-Data",
  "Expires",
  "Pragma",
  "Warning",
  "Accept-CH",
  "Accept-CH-Lifetime",
  "Early-Data",
  "Content-DPR",
  "DPR",
  "Device-Memory",
  "Save-Data",
  "Viewport-Width",
  "Width",
  "Last-Modified",
  "ETag",
  "If-Match",
  "If-None-Match",
  "If-Modified-Since",
  "If-Unmodified-Since",
  "Vary",
  "Connection",
  "Keep-Alive",
  "Accept",
  "Accept-Charset",
  "Accept-Encoding",
  "Accept-Language",
  "Expect",
  "Max-Forwards",
  "Cookie",
  "Set-Cookie",
  "Cookie2",
  "Set-Cookie2",
  "Access-Control-Allow-Origin",
  "Access-Control-Allow-Credentials",
  "Access-Control-Allow-Headers",
  "Access-Control-Allow-Methods",
  "Access-Control-Expose-Headers",
  "Access-Control-Max-Age",
  "Access-Control-Request-Headers",
  "Access-Control-Request-Method",
  "Origin",
  "Service-Worker-Allowed",
  "Timing-Allow-Origin",
  "X-Permitted-Cross-Domain-Policies",
  "DNT",
  "Tk",
  "Content-Disposition",
  "Content-Length",
  "Content-Type",
  "Content-Encoding",
  "Content-Language",
  "Content-Location",
  "Forwarded",
  "X-Forwarded-For",
  "X-Forwarded-Host",
  "X-Forwarded-Proto",
  "Via",
  "Location",
  "From",
  "Host",
  "Referer",
  "Referrer-Policy",
  "User-Agent",
  "Allow",
  "Server",
  "Accept-Ranges",
  "Range",
  "If-Range",
  "Content-Range",
  "Cross-Origin-Opener-Policy",
  "Cross-Origin-Resource-Policy",
  "Content-Security-Policy",
  "Content-Security-Policy-Report-Only",
  "Expect-CT",
  "Feature-Policy",
  "Public-Key-Pins",
  "Public-Key-Pins-Report-Only",
  "Strict-Transport-Security",
  "Upgrade-Insecure-Requests",
  "X-Content-Type-Options",
  "X-Download-Options",
  "X-Frame-Options",
  "X-Powered-By",
  "X-XSS-Protection",
  "Last-Event-ID",
  "NEL",
  "Ping-From",
  "Ping-To",
  "Report-To",
  "Transfer-Encoding",
  "TE",
  "Trailer",
  "Sec-WebSocket-Key",
  "Sec-WebSocket-Extensions",
  "Sec-WebSocket-Accept",
  "Sec-WebSocket-Protocol",
  "Sec-WebSocket-Version",
  "Accept-Push-Policy",
  "Accept-Signature",
  "Alt-Svc",
  "Date",
  "Large-Allocation",
  "Link",
  "Push-Policy",
  "Retry-After",
  "Signature",
  "Signed-Headers",
  "Server-Timing",
  "SourceMap",
  "Upgrade",
  "X-DNS-Prefetch-Control",
  "X-Firefox-Spdy",
  "X-Pingback",
  "X-Requested-With",
  "X-Robots-Tag",
  "X-UA-Compatible",
]