| CARVIEW |
Select Language
HTTP/2 301
content-length: 162
content-type: text/html
date: Thu, 16 Oct 2025 02:00:26 GMT
location: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/XMLHttpRequest
server: nginx
strict-transport-security: max-age=60; includeSubDomains
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
HTTP/2 200
content-type: text/html
x-guploader-uploadid: AAwnv3LK1LzG2hPOiN7BPm2dZyiGMnW-AXQHdGTqbP-Uh2-KlbpfCE1U-PfUrqhbvy4P3id1-22pCU0
cache-control: public, max-age=3600
expires: Thu, 16 Oct 2025 03:00:27 GMT
last-modified: Thu, 16 Oct 2025 01:07:13 GMT
etag: W/"cf09bbcc4bf8dd49c3d7ba50751dbad5"
x-goog-generation: 1760576833580088
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 139939
x-goog-meta-goog-reserved-file-mtime: 1760575337
x-goog-hash: crc32c=ckJKZQ==, md5=zwm7zEv43UnD17pQdR261Q==
x-goog-storage-class: STANDARD
accept-ranges: none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
alt-svc: clear
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
content-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M=' 'sha256-YCNoU9DNiinACbd8n6UPyB/8vj0kXvhkOni9/06SuYw=' 'sha256-PZjP7OR6mBEtnvXIZfCZ5PuOlxoDF1LDZL8aj8c42rw='; script-src-elem 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M=' 'sha256-YCNoU9DNiinACbd8n6UPyB/8vj0kXvhkOni9/06SuYw=' 'sha256-PZjP7OR6mBEtnvXIZfCZ5PuOlxoDF1LDZL8aj8c42rw='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://incoming.telemetry.mozilla.org https://observatory-api.mdn.allizom.net https://observatory-api.mdn.mozilla.net https://api.github.com/search/issues stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net *.mdnplay.dev *.mdnyalp.dev *.play.test.mdn.allizom.net https://v2.scrimba.com https://scrimba.com jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' data: *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com developer.mozilla.org mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://mdn.dev/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self';
x-frame-options: DENY
origin-trial: AxVILwizhbMjxFeHOn1P3R8niO1RJY/smaK4B4d1rLzc1gTaxtXMSaTi+FoigYgCw40uFRDwFcEAeqDR+vVLOW4AAABfeyJvcmlnaW4iOiJodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZyIsImZlYXR1cmUiOiJQcml2YXRlQXR0cmlidXRpb25WMiIsImV4cGlyeSI6MTc0MjA3OTYwMH0=
x-cloud-trace-context: 5856dabcde2e2c1a063a5d8e89ff75e4
date: Thu, 16 Oct 2025 02:00:28 GMT
server: Google Frontend
via: 1.1 google
vary: Accept-Encoding
content-encoding: gzip
x-cache: miss
XMLHttpRequest: XMLHttpRequest() constructor - Web APIs | MDN
Toggle sidebar
XMLHttpRequest: XMLHttpRequest() constructor
Baseline
Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
Note: This feature is available in Web Workers, except for Service Workers.
The XMLHttpRequest() constructor
creates a new XMLHttpRequest.
Syntax
js
new XMLHttpRequest()
// Non-standard
new XMLHttpRequest(options)
Parameters
There are no standard parameters. However, Firefox allows a non-standard parameter:
optionsNon-standard-
An object that can contain the following flags:
mozAnon-
A boolean. When setting this flag to
truewill cause the browser not to expose the origin and user credentials when fetching resources. Most important, this means that cookies will not be sent unless explicitly added usingsetRequestHeader. mozSystem-
A boolean. When setting this flag to
true, the same origin policy will not be enforced on the request.
Return value
A new XMLHttpRequest object. The object must be prepared by at least
calling open() to initialize it before calling
send() to send the request to the server.
Specifications
| Specification |
|---|
| XMLHttpRequest # dom-xmlhttprequest |
Browser compatibility
Loading…