withCredentials

True when credentials are to be included in a cross-origin request. False when they are to be excluded in a cross-origin request and when cookies are to be ignored in its response. Initially false.

When set: throws an "InvalidStateError" DOMException if state is not unsent or opened, or if the send() flag is set.

MDN Reference