This preflight request has the Origin header and other headers to indicate the HTTP. Cross-origin AJAX requests for Shib-protected resources. Reference provided by you helped a lot me and I was missing the headers for origin from server side Here is another fix using Jquery Ajax Code. Makes an AJAX GET request to httpaem-publishlocalcontentwe-retail. Ajax xhrFields withCredentials Cross domain ajax request When you do a cross-origin request the browser sends Origin header with the current domain value.