Internet Explorer’s definition of the “same origin” differs to the other browsers. See the IE Exceptions section of the MDN documentation on the same-origin policy:
Internet Explorer has two major exceptions when it comes to same origin policy:
- Trust Zones: if both domains are in highly trusted zone e.g, corporate domains, then the same origin limitations are not applied
- Port: IE doesn’t include port into Same Origin components, therefore http://company.com:81/index.html and http://company.com/index.html are considered from same origin and no restrictions are applied.
Therefore if your cross-origin request occurs across different ports, or within one of IE’s trusted zones, IE will not treat the request as cross-origin and will see no need to add the Origin:
header.