Blog

fetch() credentials modes: cors, same-origin, and opaque responses

Understand when no-cors returns an opaque response and why you cannot read JSON cross-origin without CORS.

Published: 2025-05-15Updated: 2025-06-041 min read

fetchcorscredentials

Mode selection guide

Use cors when you need to read JSON from another origin that returns proper CORS headers.

no-cors is for opaque use cases like beacon pixels—not for APIs you expect to parse.

Log response.type in the client to distinguish cors, opaque, and error outcomes quickly.

Pair with DevTools Issues tab messages when preflight fails before the main request.