Access-Control-Max-Age
The HTTP Access-Control-Max-Age response header is sent by the server to indicate how long, in seconds, the results of a preflight request can be cached.
Usage
The Access-Control-Max-Age response header is part of the CORS protocol to allow cross-origin sharing, and it is included as part of a HTTP response to a preflight request. The server uses it to inform the client as to how long the results can be cached. The default value is five seconds.
Note
The [Chromium platform] allows it to be cached for up to two hours (7200 seconds).
Example
In this example, the server responds to a preflight request that was made by the client. As part of it, the Access-Control-Max-Age response header is included to indicate that the results of the preflight request are cached for 600 seconds (10 minutes).
Response
Access-Control-Max-Age: 600
Takeaway
The Access-Control-Max-Age response header is sent by a server to inform clients how long the results of the preflight request are cached.