Cross Domain Policy Header Test

Check if a cross-domain policy is implemented on the website

About Cross Domain Policy

The Cross Domain Policy Test tool checks for the presence of a cross-domain security policy in the HTTP headers returned by your website. The cross-domain headers tell the browser what kind of policy the server has set up for Ajax requests that do not come from the same domain. “Same domain” is interpreted strictly: if a web page was loaded from mydomain.com and sends requests to api.mydomain.com, those requests will be blocked. The same is true for requests sent to mydomain.com:8000, which is not treated as “same domain” because the port is different.

Why should you care?

Restricting browser requests to the same domain is a great idea in web security. It prevents, for example, malicious scripts from sending information to other domains. That said, it is not always possible to work within this restriction. Modern applications are often deployed as Single Page Applications (SPAs), where the frontend is on a completely different domain or port from the server side of the application. In such cases, cross-domain headers that tell browsers to trust some or all domains for incoming requests are a must.

As a result, if these headers are missing (perhaps you forgot them?), the website will stop working for cross-domain requests.

Check out this implementation guide if you need help with the configuration.
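The same-domain rule and the missing-header failure described above, as an added example that is not part of the original page or the tool's code. It assumes the "cross-domain headers" are the CORS response headers `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials`; the function names are hypothetical and the URLs and header sets are constructed.

```javascript
// Added example: function names are hypothetical, URLs and headers are constructed.

// Serialized origin (scheme://host[:port]); the URL parser drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

// Can a script loaded from pageUrl read the response to a request for requestUrl?
function crossDomainVerdict(pageUrl, requestUrl, responseHeaders = {}, withCredentials = false) {
  const page = originOf(pageUrl);
  const target = originOf(requestUrl);
  // Opaque origins (for example file: URLs) serialize to "null" and never match.
  if (page !== 'null' && page === target) return 'same-origin';

  // Header names are case-insensitive, so normalise them before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return 'blocked: no cross-domain header';

  if (withCredentials) {
    // With cookies attached, "*" is not honoured and credentials need explicit approval.
    if (allowOrigin === '*') return 'blocked: wildcard with credentials';
    if (headers['access-control-allow-credentials'] !== 'true') {
      return 'blocked: credentials not allowed';
    }
  } else if (allowOrigin === '*') {
    return 'allowed: all domains trusted';
  }
  return allowOrigin === page ? 'allowed: origin trusted' : 'blocked: origin not trusted';
}

// Constructed cases taken from the text: subdomain, different port, explicit default port.
const samples = [
  ['https://mydomain.com:443/data', {}],
  ['https://api.mydomain.com/v1', {}],
  ['https://mydomain.com:8000/v1', { 'Access-Control-Allow-Origin': 'https://mydomain.com' }],
];
for (const [requestUrl, responseHeaders] of samples) {
  console.log(requestUrl, '->', crossDomainVerdict('https://mydomain.com/app', requestUrl, responseHeaders));
}
```

The wildcard branch is the one to review first on a real site: `*` trusts every domain for non-credentialed reads, and a server that instead echoes back whatever origin it is sent while allowing credentials removes the restriction entirely.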
