Cross-Origin-Resource-Policy Header



Cross-Origin-Resource-Policy: same-origin


The essential directives for the Cross-Origin-Resource-Policy header include:

  1. same-origin: Only requests from the same origin can load the resource. Use this directive when the contents of a resource shouldn't be accessible from other origins.

  2. same-site: Only requests from the same site can load the resource.

  3. cross-origin: Requests from any site can load the resource.


// For same-origin policy
Cross-Origin-Resource-Policy: same-origin
// For same-site policy
Cross-Origin-Resource-Policy: same-site
// For cross-origin policy allowing all sites
Cross-Origin-Resource-Policy: cross-origin
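
The three directives above, modelled as the decision a browser makes when a page embeds a resource with a no-cors request. This is an added example, not part of the original page: the function names and sample origins are constructed, and a "site" is approximated as the last two host labels, whereas real browsers use the Public Suffix List.

```javascript
// Simplified model of the Cross-Origin-Resource-Policy check (added example).
// Assumption: site = last two host labels; suffixes such as co.uk need the
// Public Suffix List and are out of scope here.
function site(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// policy:          header value, or null when the header is absent
// requesterOrigin: origin of the embedding page, e.g. "https://app.example.com"
// resourceUrl:     URL of the response that carries the header
function corpAllows(policy, requesterOrigin, resourceUrl) {
  const req = new URL(requesterOrigin);
  const res = new URL(resourceUrl);
  switch (policy) {
    case 'same-origin':
      // Scheme, host and port must all match.
      return req.origin === res.origin;
    case 'same-site':
      // Same site, and an http page may not load an https resource.
      return site(req.hostname) === site(res.hostname) &&
             (req.protocol === 'https:' || res.protocol !== 'https:');
    default:
      // "cross-origin", a missing header or an unrecognised value: no restriction.
      return true;
  }
}

// Constructed sample loads of one image from different embedding pages.
const resource = 'https://static.example.com/avatar.png';
const requesters = [
  'https://static.example.com', // same origin
  'https://app.example.com',    // same site, different origin
  'http://app.example.com',     // same site, insecure page
  'https://other.test',         // different site
];

function decisionTable() {
  return ['same-origin', 'same-site', 'cross-origin'].map((policy) => ({
    policy,
    allowedFrom: requesters.filter((r) => corpAllows(policy, r, resource)),
  }));
}

console.log(JSON.stringify(decisionTable(), null, 2));
```
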

Browser Compatibility

Browser | Compatibility
Chrome | Supported
Firefox | Supported
Safari | Not Supported
Opera | Supported
Edge | Supported

How to modify Cross-Origin-Resource-Policy header

ModHeader is a utility for manually adding, modifying or deleting HTTP response headers. To change the Cross-Origin-Resource-Policy header, open ModHeader and click the 'plus' icon to create a new profile. In the new profile, enter "Cross-Origin-Resource-Policy" in the 'Name' field and your desired policy (such as "same-origin") in the 'Value' field, then click 'Save' to apply the changes. From then on, all outbound requests from your current browser session will include this modified header, which helps in testing how your application responds to different Cross-Origin-Resource-Policy values.