The Access-Control-Max-Age
response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods
and Access-Control-Allow-Headers
headers) can be cached.
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
Access-Control-Max-Age: <delta-seconds>
Directives
- <delta-seconds>
- Maximum number of seconds the results can be cached.
UXP caps this at 24 hours (86400 seconds).
Chromium (prior to v76) caps at 10 minutes (600 seconds).
Chromium (starting in v76) caps at 2 hours (7200 seconds).
Chromium also specifies a default value of 5 seconds.
A value of -1 will disable caching, requiring a preflight OPTIONS check for all calls.
Examples
Cache results of a preflight request for 10 minutes:
Access-Control-Max-Age: 600
Specifications
Specification | Status | Comment |
---|---|---|
Fetch The definition of 'Access-Control-Max-Age' in that specification. |
Living Standard | Initial definition. |
Browser compatibility
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Access-Control-Max-Age | Chrome Full support 4 | Edge Full support 12 | Firefox Full support 3.5 | IE Full support 10 | Opera Full support 12 | Safari Full support 4 | WebView Android Full support 2 | Chrome Android Full support Yes | Firefox Android Full support 4 | Opera Android Full support 12 | Safari iOS Full support 3.2 | Samsung Internet Android Full support Yes |
Legend
- Full support
- Full support