In JavaScript, the Fetch API's access to certain headers is restricted for security reasons during a CORS request.
We can see the actual headers of a resource using curl in the terminal:
curl -I https://i.imgur.com/z4d4kWk.jpg
And here's the result:
HTTP/1.1 200 OK
Last-Modified: Thu, 02 Feb 2017 11:15:53 GMT
ETag: "18c50e1bbe972bdf9c7d9b8f6f019959"
x-amz-storage-class: STANDARD_IA
Content-Type: image/jpeg
cache-control: public, max-age=31536000
Content-Length: 146515
Accept-Ranges: bytes
Date: Sat, 14 Jul 2018 01:34:10 GMT
Age: 446795
Connection: keep-alive
X-Served-By: cache-iad2134-IAD, cache-syd18935-SYD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1531532051.675972,VS0,VE2
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
Here's the equivalent request using fetch:
await fetch("https://i.imgur.com/z4d4kWk.jpg", { method: 'HEAD' }).then(r => [...r.headers.entries()].map(l => l.join(": ")).join("\n"))
And here's the result:
cache-control: public, max-age=31536000
content-type: image/jpeg
last-modified: Thu, 02 Feb 2017 11:15:53 GMT
But imgur allows other origins to access that resource (see Access-Control-Allow-Origin: * in curl output above), and so we can actually get the contents of the file:
await fetch("https://i.imgur.com/z4d4kWk.jpg").then(r => r.arrayBuffer())
So we can get the actual contents of the file, and yet we can't get the headers?
At first I thought it was because we were making a HEAD request and imgur specifies Access-Control-Allow-Methods: GET, OPTIONS, but I tried using a GET request and still got the same limited set of headers:
await fetch("https://i.imgur.com/z4d4kWk.jpg").then(r => [...r.headers.entries()].map(l => l.join(": ")).join("\n"))
Any idea why we're unable to see the headers even when we have full access to the content itself?