Facebook Pixel

What is Access-Control-Max-Age in CORS?

A header that tells the browser how long (in seconds) to cache the preflight result. Within this period, subsequent requests to the same URL do not trigger a new preflight. Common values: 3600 (1 hour).

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in CORS Preflight Requests Explained

An HTTP OPTIONS request that the browser sends before the actual request, to check if the server allows it. It includes Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with the allowed methods, headers, and origins.

When the request is not 'simple': methods other than GET/POST/HEAD (PUT, DELETE, PATCH), custom headers (Authorization, X-Custom), or Content-Type application/json. Simple requests (GET, POST with form data) do not trigger a preflight.

OPTIONS. The browser sends an OPTIONS request with Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with 204 No Content and the CORS headers.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.