Skip to content
Skip to content
API Pricing RU Sign In
← All HTTP Headers
CORS

Access-Control-Max-Age

Specifies how long the results of a CORS preflight request can be cached.

Syntax

Access-Control-Max-Age: <delta-seconds>

Example

Access-Control-Max-Age: 3600

Description

The Access-Control-Max-Age header indicates how many seconds the browser can cache the result of a CORS preflight request. During this period, the browser does not need to send another preflight for the same resource.

Setting a reasonable value (e.g. 3600 seconds) reduces unnecessary preflight requests and improves performance for API-heavy applications. Some browsers have a maximum limit they enforce regardless of this value.

Check if your website sends this header correctly

Check your headers →

Related Articles

HTTP Methods Explained: GET, POST, PUT, DELETE and Beyond
A comprehensive guide to HTTP methods — GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS. Learn semantics, use cases, and best practices for REST APIs.
CORS Explained: Cross-Origin Resource Sharing Guide
Understand CORS — how cross-origin requests work, preflight checks, headers, common errors, and how to configure CORS correctly for your web application.
Analyzing Server Response Headers: What They Reveal About a Website
A detailed guide to HTTP headers: Cache-Control, ETag, Server, CORS, and security headers. How to read and optimize response headers.

Related Headers

Access-Control-Allow-Credentials
Indicates whether the response to a credentialed cross-origin request can be exposed to JavaScript.
Access-Control-Allow-Headers
Specifies which HTTP headers can be used in the actual request following a CORS preflight.
Access-Control-Allow-Methods
Specifies which HTTP methods are allowed in a CORS preflight response.
Access-Control-Allow-Origin
Specifies which origins are permitted to read the response, the fundamental CORS header.

Start monitoring for free

Sign up and get access to API, monitoring and notifications

Create Account API Documentation