HTTP headers | Access-Control-Allow-Credentials

The HTTP Access-Control-Allow-Credentials is a Response header. The Access-Control-Allow-Credentials header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. Remember one thing when the Request.credentials is “include” mode browsers will expose the response to front-end JavaScript code if the Access-Control-Allow-Credentials is set true.

The Access-Control-Allow-Credentials header performs with the XMLHttpRequest.withCredentials property or with the credentials option in the Request() constructor of the Fetch API.

Note: Credentials are actually cookies, authorization headers or TLS(Transport Layer Security) client certificates.


Access-Control-Allow-Credentials: true

Directives: This header accept a single directive mentioned above and described below:

  • true: This the only meaningful or you can say valid value for Access-Control-Allow-Credentials header. If this credentials is not required, then remove the header. Don’t put there Access-Control-Allow-Credentials: false. This directive is case sensitive true


  • This is allowing the Access-Control-Allow-Credentials.
    Access-Control-Allow-Credentials: true
  • This is using the xhr with credentials.
    var xhr = new XMLHttpRequest();'GET', '', true); 
    xhr.withCredentials = true; 
  • This is using Fetch with credentials.
    fetch(url, {
      credentials: 'include'  

To check this Access-Control-Allow-Credentials in action go to Inspect Element -> Network check the reponse header for Access-Control-Allow-Credentials like below, Access-Control-Allow-Credentials is highlighted you can see.

Supported Browsers: The browsers compatible with HTTP Access-Control-Allow-Credentials header are listed below:

  • Google Chrome
  • Internet Explorer
  • Firefox
  • Safari
  • Opera

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.