CORS Header
Learn about the CORS Header and how to enable and configure this feature.
Cross-origin resource sharing (CORS) is a browser security mechanism that determines whether a web page can load resources from a different origin. While browsers allow cross-origin images, CSS files, scripts, iframes, and videos without restrictions, other request types — such as Ajax calls and web fonts — are blocked by default under the same-origin policy.
CORS defines how browsers and servers evaluate cross-origin requests. Medianova CDN can send the access-control-allow-origin header in HTML responses to enable controlled cross-origin access.
By default, Medianova CDN forwards any CORS-related headers sent by your origin. You only need to enable CORS Header if you want CDN edges to set or override this header.
You can configure CORS Header in the Medianova Control Panel or via the API.
Enable CORS Header
Configure CORS Header
After enabling the feature, Medianova CDN edge servers add the access-control-allow-origin header to HTML responses based on your configuration.
Allow all origins (Wildcard)
If no domains are defined in the allow list, CDN edges return the following header:
access-control-allow-origin: *
The wildcard * allows any origin to load cross-origin resources from the CDN.
Allow specific domains
Add domains to restrict cross-origin access to only approved origins.
For example, if https://www.shop.com loads web fonts from https://fonts.shop.com and you want to prevent external sites from using these fonts, add fonts.shop.com to the allow list.
When a domain is added, CDN edges respond with:
Enter a domain into the Allowed Domains field.
Examples: fonts.shop.com, https://fonts.shop.com
Select Add to include the domain in the allow list.
Troubleshooting
CORS Header applies only to HTML responses.
If your origin also sets access-control-allow-origin, CDN behavior depends on your Header Override configuration.
Browser console messages provide the most accurate diagnostics for CORS failures.
If you use credentials or custom headers in your requests, additional CORS headers may be required at the origin level.
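The troubleshooting items above come down to the check a browser runs on the response headers. The following is an added example, not Medianova code: `corsCheck` is a hypothetical helper that follows the Fetch standard's CORS check on the response only (no preflight), and the origins and header values passed to it are constructed.

```javascript
// Added example: simplified browser-side CORS check (Fetch standard).
// corsCheck is a hypothetical helper; all sample values are constructed.
function corsCheck(requestOrigin, responseHeaders, credentialsMode = "same-origin") {
  // HTTP header names are case-insensitive, so normalise them first.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = headers["access-control-allow-origin"];
  const withCredentials = credentialsMode === "include";

  if (allowOrigin === undefined) {
    return { allowed: false, reason: "missing access-control-allow-origin" };
  }
  if (allowOrigin === "*") {
    // The wildcard is only honoured for requests sent without credentials.
    return withCredentials
      ? { allowed: false, reason: "wildcard not permitted with credentials" }
      : { allowed: true, reason: "wildcard" };
  }
  // The value must be exactly one serialized origin (scheme://host[:port]);
  // a bare hostname or a comma-separated list never matches.
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  if (withCredentials && headers["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "missing access-control-allow-credentials: true" };
  }
  return { allowed: true, reason: "origin match" };
}

// Constructed samples: a page on https://www.shop.com reading a CDN response.
const samples = [
  [{ "Access-Control-Allow-Origin": "*" }, "same-origin"],
  [{ "Access-Control-Allow-Origin": "*" }, "include"],
  [{ "Access-Control-Allow-Origin": "https://www.shop.com" }, "include"],
];
for (const [hdrs, mode] of samples) {
  console.log(mode, JSON.stringify(hdrs), corsCheck("https://www.shop.com", hdrs, mode));
}
```

Feeding it the response headers copied from the browser's network panel shows which condition a failing request trips: wildcard with credentials, an origin value that is not an exact match, or a missing credentials header.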