Does a GET request trigger a CORS preflight?
Usually no. GET requests without custom headers are 'simple' and do not trigger a preflight. The browser sends the GET directly and checks the response headers. But a GET with a custom header (like Authorization) does trigger a preflight.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in CORS Preflight Requests Explained
An HTTP OPTIONS request that the browser sends before the actual request, to check if the server allows it. It includes Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with the allowed methods, headers, and origins.
When the request is not 'simple': methods other than GET/POST/HEAD (PUT, DELETE, PATCH), custom headers (Authorization, X-Custom), or Content-Type application/json. Simple requests (GET, POST with form data) do not trigger a preflight.
OPTIONS. The browser sends an OPTIONS request with Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with 204 No Content and the CORS headers.
Still have questions?
Browse all our FAQs or reach out to our support team
