Skip to content
Skip to content
API Pricing RU Sign In
← All HTTP Headers
CORS

Access-Control-Allow-Credentials

Indicates whether the response to a credentialed cross-origin request can be exposed to JavaScript.

Syntax

Access-Control-Allow-Credentials: true

Example

Access-Control-Allow-Credentials: true

Description

The Access-Control-Allow-Credentials response header tells browsers whether the response to a cross-origin request with credentials (cookies, HTTP auth, client-side certificates) can be exposed to JavaScript.

When set to true, the Access-Control-Allow-Origin header must specify an explicit origin (not *), otherwise the browser will block the response.

Check if your website sends this header correctly

Check your headers →

Related Articles

CORS Explained: Cross-Origin Resource Sharing Guide
Understand CORS — how cross-origin requests work, preflight checks, headers, common errors, and how to configure CORS correctly for your web application.
Analyzing Server Response Headers: What They Reveal About a Website
A detailed guide to HTTP headers: Cache-Control, ETag, Server, CORS, and security headers. How to read and optimize response headers.
HTTP Headers: The Complete Guide
What are HTTP headers, their types, and how request and response headers work. Practical examples and recommendations for web developers.

Related Headers

Access-Control-Allow-Headers
Specifies which HTTP headers can be used in the actual request following a CORS preflight.
Access-Control-Allow-Methods
Specifies which HTTP methods are allowed in a CORS preflight response.
Access-Control-Allow-Origin
Specifies which origins are permitted to read the response, the fundamental CORS header.
Access-Control-Max-Age
Specifies how long the results of a CORS preflight request can be cached.

Start monitoring for free

Sign up and get access to API, monitoring and notifications

Create Account API Documentation