• Log inStart now

AJAX call fails with a CORS redirect error message


A redirected AJAX call is being rejected with a CORS error message, for example:

Access to XMLHttpRequest at 'https://my-domain-2/path' (redirected from
'https://my-domain-1/path') from origin 'https://my-website-domain' has been
blocked by CORS policy: Request header field x-newrelic-id is not allowed by
Access-Control-Allow-Headers in preflight response.


To resolve this error, update your code to make the AJAX call to the new URL provided by the redirect. For more information, see the MDN article CORS request external redirect not allowed.


The browser agent automatically adds custom headers to outgoing same-origin AJAX calls in order to support the Distributed Tracing feature.

When the server that receives the AJAX call responds with a redirect status code (such as 302), the browser will automatically make the same AJAX call to the redirected URL. And if this new URL is on a different origin and the call does not pass the CORS preflight, the browser will fail the call with the error message listed above.

Copyright © 2023 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.