XMLHttpRequest 2 Demo: Cross-origin Requests Without Credentials

Click the button to trigger a cross-origin request without credentials.

If you examine the request and response details, you'll see that no request cookie is sent when we make a request. This is unlike what happens when withCredentials is true

Again, since this is a cross-origin request, we will only see a limited subset of response headers.

Response

Response headers

Function

function makeRequest(event){
     event.preventDefault();

     var xhr, onLoadHandler, results, headers;

     headers = document.querySelector('#headers');
     results = document.querySelector('#results');

     onLoadHandler = function(event){
          var i, xhr = event.target;
          headers.innerHTML = xhr.getAllResponseHeaders();
          results.innerHTML = xhr.responseText;
     }

     xhr = new XMLHttpRequest();
     xhr.open('GET','http://webinista.com/xhrdata/index.php');
     xhr.withCredentials = false;
     xhr.onload = onLoadHandler;
     xhr.send();
}