HeadingShape

Cross Domain Policy Header Test

HeadingShape

Check if your site is implementing a Cross-Domain policy.

Twitter Icon
Facebook Icon
LinkedIn Icon
Whatsapp Icon
Cross Domain Policy TestIcon

Cross Domain Policy Test

  • Browser icon

    IP Address

  • Report icon

    Test Time

  • Thu, (GMT 00:00)

Results

Couldn’t find the Cross-Domain-Policies header in the response headers.
Header
Value

Header

Value

About Cross Domain Policy

This tool checks for cross-domain security policy in the HTTP headers returned by your website.

For those unaware, the cross-domain headers tell the browser about the server policy for Ajax requests that aren't directed from the same domain.

"Same domain" means that if the given web page was loaded on mydomain.com. For example, these requests will be blocked if sent to api.mydomain.com. The same is true for requests sent to mydomain.com:8000, which isn't treated as the "same domain" because of the different port.

Why should you care?

Restricting browser requests to the same domain is an excellent idea for Web security.

It prevents, for example, malicious scripts from sending information to other domains. That said, it's not always possible to work within this restriction. Modern applications are deployed as Single Page Applications (SPA), where the frontend is on a completely different domain/port from the server-side of the application. In such cases, having cross-domain headers that tell the browsers to trust some/all domains for incoming requests is a must.

As a result, the website will stop working if these headers are missing (perhaps you forgot them?) for the cross-domain requests.

More tools for your Website

Make sure your website is in top shape with Domsignal - explore the suite of performance, SEO and security metrics testing tools now!

Secure header test icon

Secure Header Test

TTFB test icon

TTFB Test

TLS scanner icon

TLS Scanner

Broken link checker icon

Broken Link Checker

Whois hosting icon

Whois Hosting

DNS record lookup icon

DNS Record Lookup

Website performance audit icon

Website Performance Audit

HTTP headers checker icon

HTTP Headers Checker

HSTS test icon

HSTS Test

X-Frame-Options test icon

X-Frame-Options Test

MIME sniffing test icon

MIME Sniffing Test

CSP test icon

CSP Test

Find more tools

Enterprise-readyAPIsfor businesses of all sizes.

Explore Geekflare API

Latest Articles

Browse All Articles

Power Your Business

Brightdata

Brightdata

Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

Try Now
Kinsta

Kinsta

Managed WordPress hosting that prioritizes your business and reputation by providing topnotch service

Try Now
Linode

Linode

Cloud Computing Platform for small to enterprise to host web applications, complex apps, mobile apps, and more.

Try Now
Semrush

Semrush

Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.

Try Now
Domsignal logo

EXPLORE

APIs
Articles
Newsletter

COMPANY

About
Terms
Privacy
Sitemap

POPULAR TOOLS

Website Performance Audit
TLS Scanner
TTFB Test
HTTP Headers Checker
Secure Password Generator
Capture Screenshot
DNS Record Lookup
HTTP/3 Test
Website Redirection Checker
Ping Test
Blacklist Lookup
IPv6 Test
Whois Hosting
HSTS Test
DNSSEC Test

© 2023 • Domsignal