The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the omit credentials flag is unset. When part of the response to a preflight request it indicates that the actual request can include user credentials. (W3C TR Cross-Origin Resource Sharing (CORS))


Return to list of all ( HTTP Header Fields | Web Concepts )