# Headers and CORS

The headers middleware sets request/response headers and controls CORS for your application.

## CORS

To enable CORS headers, add the following section to your configuration.

{% code title=".rr.yaml" %}

```yaml
version: "3"

http:
  address: 127.0.0.1:44933
  middleware: ["headers"]
  # ...
  headers:
    cors:
      allowed_origin: "*"
      # If `allowed_origin_regex` option is set, the content of `allowed_origin` is ignored
      allowed_origin_regex: "^http://foo"
      allowed_headers: "*"
      allowed_methods: "GET,POST,PUT,DELETE"
      allow_credentials: true
      exposed_headers: "Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma"
      max_age: 600
      # Status code to use for successful OPTIONS requests. Default value is 200.
      options_success_status: 200
      # Debugging flag adds additional output to debug server side CORS issues, consider disabling in production.
      debug: false
```

{% endcode %}

> Make sure to declare "headers" middleware.

{% hint style="info" %}
Since RoadRunner v2023.2.0, the following changes were made:

* Ability to define status code of successful OPTIONS request via `options_success_status` config;
* Debug flag (`debug: true/false`) was added to enable additional output to debug CORS issues;
* Allowed to define multiple `allowed_origin` values separated by comma;
* CORS requests are handled using [rs/cors](https://github.com/rs/cors) package.
  {% endhint %}

## Custom headers for response or request

You can control additional headers for outgoing responses and headers to be added to requests sent to your application.

{% code title=".rr.yaml" %}

```yaml
version: "3"

http:
  # ...
  headers:
      # Automatically add headers to every request passed to PHP.
      request:
        Example-Request-Header: "Value"
    
      # Automatically add headers to every response.
      response:
        X-Powered-By: "RoadRunner"
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.roadrunner.dev/docs/http/headers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.