<!doctype html> <html> <head> <title>XMLHttpRequest: setRequestHeader() - headers that are forbidden</title> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <link rel="help" href="https://xhr.spec.whatwg.org/#the-setrequestheader()-method" data-tested-assertations="/following::ol/li[5]" /> </head> <body> <div id="log"></div> <script> test(function() { var client = new XMLHttpRequest() client.open("POST", "resources/inspect-headers.py?filter_value=TEST", false) client.setRequestHeader("Accept-Charset", "TEST") client.setRequestHeader("Accept-Encoding", "TEST") client.setRequestHeader("Connection", "TEST") client.setRequestHeader("Content-Length", "TEST") client.setRequestHeader("Cookie", "TEST") client.setRequestHeader("Cookie2", "TEST") client.setRequestHeader("Date", "TEST") client.setRequestHeader("DNT", "TEST") client.setRequestHeader("Expect", "TEST") client.setRequestHeader("Host", "TEST") client.setRequestHeader("Keep-Alive", "TEST") client.setRequestHeader("Referer", "TEST") client.setRequestHeader("TE", "TEST") client.setRequestHeader("Trailer", "TEST") client.setRequestHeader("Transfer-Encoding", "TEST") client.setRequestHeader("Upgrade", "TEST") client.setRequestHeader("Via", "TEST") client.setRequestHeader("Proxy-", "TEST") client.setRequestHeader("Proxy-Authorization", "TEST") client.setRequestHeader("Sec-", "TEST") client.setRequestHeader("Sec-X", "TEST") client.send(null) assert_equals(client.responseText, "") }) </script> </body> </html>