Caused by: I was returning $.ajaxSettings.xhr object from $.ajaxSetup({xhr}), returning new window.XMLHttpRequest(); instead solved the problem If we have /secure/* path for example. "CodeBehind": This property has not any role with the ASP.NET or web service. How to manage a redirect request after a jQuery Ajax call. "Web Service" directive: This directive shows that the asmx page is a web service. 618. Even though this solution prevents the AJAX callback to be triggered while the user types, it will still hammer the server with requests. 618. If we have /secure/* path for example. $ npm install unirest Is there any way I can set CSRFToken for all Ajax call dealing with POST type. This is normal behavior. Disabled HTML forms elements aren't sent along with the post/get values when you submit the form. To break this down, jQuery first launches your PHP script in an iframe. I would not recommend this. Please note, this example is using a GET request, which besides getting the headers (all you need to check weather the file exists) gets the whole file. Only after before send applayed must be able to access it pages in /secure paths