This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
http://xhr.spec.whatwg.org/#the-setrequestheader()-method [[ Terminate these steps if name is a forbidden author header name. ]] Perhaps we should throw a SecurityError or similar here?
This is a very old API, we can't.