Cross Domain Policy Header Test
Check if your site is implementing a Cross-Domain policy.
About Cross Domain Policy
This tool checks for cross-domain security policy in the HTTP headers returned by your website.
For those unaware, the cross-domain headers tell the browser about the server policy for Ajax requests that aren't directed from the same domain.
"Same domain" means that if the given web page was loaded on mydomain.com. For example, these requests will be blocked if sent to api.mydomain.com. The same is true for requests sent to mydomain.com:8000, which isn't treated as the "same domain" because of the different port.
Why should you care?
Restricting browser requests to the same domain is an excellent idea for Web security.
It prevents, for example, malicious scripts from sending information to other domains. That said, it's not always possible to work within this restriction. Modern applications are deployed as Single Page Applications (SPA), where the frontend is on a completely different domain/port from the server-side of the application. In such cases, having cross-domain headers that tell the browsers to trust some/all domains for incoming requests is a must.
As a result, the website will stop working if these headers are missing (perhaps you forgot them?) for the cross-domain requests.
More tools for your Website
Make sure your website is in top shape with Domsignal - explore the suite of performance, SEO and security metrics testing tools now!
