The Access-Control-Max-Age HTTP header is a response header that gives the time for which results of a CORS preflight request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, can be cached. The CORS preflight request contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers.
Syntax:
Access-Control-Max-Age: <delta-seconds>
Directives: This header accepts a single directive mentioned above and described below:
- <delta-seconds>: It specifies how many maximum seconds can the result be cached.
Note: If -1 is present then caching is disabled.
Examples:
- In this example, the results of a preflight request get cached for 200 seconds.
Access-Control-Max-Age: 200
- In this example, the results are not allowed to be cached.
Access-Control-Max-Age: -1
To check this Access-Control-Max-Age in action, go to Inspect Element -> Network check the response header for Access-Control-Max-Age like below, Access-Control-Max-Age is highlighted you can see.
Supported Browsers: The browsers are compatible with HTTP Access-Control-Max-Age header are listed below:
- Google Chrome 4.0
- Internet Explorer 10.0
- Opera 12.0
- Firefox 3.5
- Safari 4.0