Preflight Request, According to the definition on MDN,
"A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood."
When front-end sends a CORS request, the browser automatically issues an OPTIONS request which is used to find the options and methods that the requested server supports. The OPTIONS will send "Access-Control-Request-Method", "Access-Control-Request-Headers", and "Origin" headers. The front end developer don't need to fire this request directly.
For example, when a client of domainA sends an XMLHttpRequest POST request to domainB server, the browser first sends an OPTIONS request to domainB to see if domainB allows domainA to access its resource. domainB may respond something like the following if it allows the access from domainA.
HTTP/1.1 200 OK Access-Control-Allow-Origin: http://domainA.com Access-Control-Allow-Methods: POST, GET Access-Control-Max-Age: 86400 ...
The browser sees that it is allowed to POST and GET resource from domainB, it sends the actual POST request to domainB server. The serverB must inlcude the "Access-Control-Allow-Origin" header in its response. If the serverB does include it in its response, the browser receives the response and intercepts it so that the front-end (the code that fires the XMLHttpRequest) doesn't receive it.
For detail, see
