Cross-Origin-Resource-Policy
The HTTP Cross-Origin-Resource-Policy response header
conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the
given resource.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Syntax
http
Cross-Origin-Resource-Policy: same-site | same-origin | cross-origin
Examples
The response header below will cause compatible user agents to disallow cross-origin no-cors requests:
http
Cross-Origin-Resource-Policy: same-origin
For more examples, see https://resourcepolicy.fyi/.
Specifications
| Specification |
|---|
| Fetch Standard # cross-origin-resource-policy-header |
Browser compatibility
BCD tables only load in the browser