Im using dojo 1.4.0. The server requires that I pass credentials through a custom HTTP header called Myauthtoken.Somewhere along the process, the custom header is being dropped or corrupted, and the server doesnt accept it. After a bit more research, it looks like the problem is that the server is expecting the headers to be case-sensitive, while Firefox is converting the headers to lowercase. dojo/request/xhr is a provider that uses A hash of the custom headers to be sent with the request.Grauws blog. Accept header sent specification is that when an Accept header is not set of manipulating the Accept header on a XMLHttpRequest In addition to the properties listed for the dojo.IoArgs type, the following properties are allowed for dojo.xhr methods.Set to false to prevent a Content-Type header from being sent, or to a string to send a different Content-Type. There is a filter in the middle that determines if Im making AJAX calls or non-AJAX calls, and handles the security differently depending on which it is. However, the above is not setting "application/json" in the Accept header. Dojos dojo.xhr methods all accept an object with properties for handling the request, and one property you can add is handleAs. The handleAs property should be a string representing the type of parsing that should be done to the result before its passed to the load method or deferred callback. repo1.maven.