Sending GET request with CORS Headers

To send a GET request with CORS headers, you need to provide an "Origin: URL" HTTP header that specifies the origin of the request (domain, port, or scheme) other than the destination server address. Before making a GET request with CORS headers, browsers always send an OPTIONS request to check if the target server allows cross-domain requests for the required HTTP method and response headers. The Origin header should only contain the protocol and domain name and not include the URL path. Click Send to execute the GET request with CORS Example online and see the result on the Response Headers tab.
Sending GET request with CORS Headers Send
OPTIONS /echo/get/json HTTP/1.1
Access-Control-Request-Method: POST

Updated: Viewed: 36559 times

What is HTTP?

Hypertext Transfer Protocol (HTTP) is a network communication protocol that enables the communication between HTTP clients (browser or mobile application) and servers. HTTP is based on a request/response architecture between a client and the server. The client application sends the request to the server, and the server processes the client's request and sends a response back to the client. Each HTTP message consists of a request string (status line for response), HTTP headers, and a message body.

What is GET request?

The GET request method is used to retrieve data from a specified URL. The HTTP GET method is one of nine standard Hypertext Transfer Protocol (HTTP) request methods. GET requests should only receive data and should not affect the state of the server.

What is CORS?

Cross-Origin Resource Sharing (CORS) is a security mechanism that is based on HTTP headers. CORS enables secure communication between browsers and servers from different sources. CORS was created due to the constraints of a uniform origin policy, which restricts resources to interact only with resources located in the same domain.

Origin Header Example
Origin: [URL]

How to make GET request wit CORS Headers?

To make a GET request with CORS headers, you need to send a 'preflight' OPTIONS request to the server and check if the server can provide the required HTTP headers. If your request is acceptable to the server, it will respond with a 200 status code, which will include an Access-Control-Allow-Origin header with your domain name and an Access-Control-Allow-Headers header that contains the required HTTP headers. After that, you can send the following GET request to get the required information.

OPTIONS Request With CORS Headers
OPTIONS /echo/get/json HTTP/1.1
Access-Control-Request-Headers: Content-Type

The server's response to our OPTIONS request informs that the client can send a GET request with CORS headers.

Server Response To OPTIONS Request
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type

See also

Generate Code Snippets for GET Request CORS Headers Example

Convert your GET Request CORS Headers request to the PHP, JavaScript/AJAX, Node.js, Curl/Bash, Python, Java, C#/.NET code snippets using the ReqBin code generator.