Cross-Origin Resource Sharing Allowed

Impact: Informational


Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own. Mozilla Cross-origin resource sharing should not be allowed unless specifically needed to minimize disclosure of sensitive information to foreign origins.


Consider removing the Access-Control-Allow-Origin header or use specific origins as value.


Last updated on February 15, 2021

Use SmartScanner Free version to test for this issue