
Cross-Origin-Resource-Policy (CORP) header

The HTTP Cross-Origin-Resource-Policy response header (CORP) indicates that the browser should block no-cors cross-origin or cross-site requests to the given resource.

It specifies the resource owner's policy for which sites/origins should be allowed to load this resource.

Header type: Response header

Syntax

http
Cross-Origin-Resource-Policy: same-site | same-origin | cross-origin

Directives

same-site

Resources can only be loaded from the same site.

same-origin

Resources can only be loaded from the same origin.

cross-origin

Resources can be loaded by any other origin/website.

Examples

For more examples, see https://resourcepolicy.fyi/.

Disallowing cross-origin no-cors requests

The Cross-Origin-Resource-Policy header below will cause compatible user agents to disallow cross-origin no-cors requests:

http
Cross-Origin-Resource-Policy: same-origin
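
How the three directives differ for the same resource, as an added example (not code from the original page): a simplified model of the check a browser applies to a no-cors response, going slightly beyond the single same-origin case above. The function names, the sample URLs and the two-label "site" approximation are assumptions, and the model assumes no Cross-Origin-Embedder-Policy is in effect.

```javascript
// Added illustration: simplified model of the browser's CORP check.
// Assumption: a "site" is approximated by the last two host labels.
// Browsers use the Public Suffix List instead (example.co.uk needs three labels).
function site(host) {
  return host.split(".").slice(-2).join(".");
}

// initiator/resource are URLs, mode is the request mode, header is the
// Cross-Origin-Resource-Policy value on the response (undefined if absent).
function corpCheck({ initiator, resource, mode, header }) {
  const from = new URL(initiator);
  const to = new URL(resource);
  // CORP only gates no-cors requests.
  if (mode !== "no-cors") return "allowed";
  // Same-origin loads are never blocked.
  if (from.origin === to.origin) return "allowed";
  switch ((header || "").trim()) {
    case "same-origin":
      return "blocked";
    case "same-site": {
      const sameSite = site(from.hostname) === site(to.hostname);
      // An insecure page may not load a same-site HTTPS resource.
      const noDowngrade = from.protocol === "https:" || to.protocol !== "https:";
      return sameSite && noDowngrade ? "allowed" : "blocked";
    }
    default:
      // "cross-origin", no header, or an unrecognised value: no restriction.
      return "allowed";
  }
}

// Constructed sample: one resource requested by four different pages.
const RESOURCE = "https://static.example.com/logo.png";
const INITIATORS = [
  "https://static.example.com/", // same origin
  "https://app.example.com/",    // same site, different origin
  "http://app.example.com/",     // same site, insecure scheme
  "https://other.test/",         // cross-site
];

function matrix(header) {
  return INITIATORS.map((initiator) =>
    corpCheck({ initiator, resource: RESOURCE, mode: "no-cors", header }));
}

for (const h of ["same-origin", "same-site", "cross-origin"]) {
  console.log(h.padEnd(12), matrix(h).join(" "));
}
```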

Specifications

Specification: Fetch, # cross-origin-resource-policy-header


This page was last modified on by MDN contributors.

