Express req.xhr Property
What you’ll learn
- How
req.xhrdetermines AJAX-style requests. - How to send the required request header from clients.
- When to use
req.xhrand when to prefer other checks. - Why
req.xhrshould not be used as a security gate.
Usage syntax
javascript
req.xhr1
Return different responses for XHR vs page load
javascript
app.get('/profile', function (req, res) {
if (req.xhr) return res.json({ user: 'mari' });
res.render('profile-page');
});2
Client request with XMLHttpRequest header
javascript
fetch('/profile', {
headers: { 'X-Requested-With': 'XMLHttpRequest' }
});❓ FAQ
It is a boolean indicating whether request header X-Requested-With equals XMLHttpRequest.
Not always. Many fetch/AJAX requests do not send this header by default.
It can be useful in legacy apps to distinguish classic AJAX flows from full-page requests.
They must send X-Requested-With: XMLHttpRequest in request headers.
No. Treat it as a hint only, not a trusted security boundary.
Did you know?
req.xhr is true when the request includes X-Requested-With: XMLHttpRequest, a common legacy AJAX indicator.
4 people found this page helpful
