Why do my XHR/FETCH requests not contain Distil cookies?

The purpose of this article is to go over the browser requirements for sending cookies in XMLHttpRequests (XHR) or Fetch requests. These types of requests may also be known more broadly as AJAX requests. It is important to review that browsers require certain attributes to be set with XHR or fetch objects to send cookies.

If the browser loads the main document from one domain, and then submits AJAX calls to another domain, then you will need to refer to browser guidelines around CORS. For example, if you the main browser document is loaded from and AJAX calls are sent to, then you will need to refer to the CORS documentation. If the browser loads the main document from and the AJAX calls are made to the same domain, but a different path like, then it is most likely not necessary to follow the CORS guidelines. Below is a link to the CORS documentation.

Below are links and examples from the links on the most basic ways to send cookies in a given HTTP request.

var xhr = new XMLHttpRequest();'GET', '', true);
xhr.withCredentials = true;

fetch('', {
  credentials: 'include'


Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request