CORS Header

Learn about the CORS Header and how to enable and configure this feature.

Cross-origin resource sharing (CORS) is a security feature enabling a web page to retrieve restricted resources from a server hosted on a different domain than the one serving the page itself.

Web pages can freely embed cross-origin images, stylesheets, scripts, iframes and videos, but certain types of cross-domain requests—especially Ajax requests and web fonts—are typically blocked by default under the same-origin security policy. CORS establishes a structured approach for browsers and servers to evaluate whether a cross-origin request should be permitted, ensuring safe interactions across domains.

Medianova CDN enables you to configure edge servers to send the access-control-allow-origin CORS header in HTML responses, to allow browsers to load cross-origin resources.

If your origin already sends the CORS header with HTML responses and you have no CORS issues, then you don't need to enable the CORS Header feature: by default, Medianova CDN forwards the CORS header in HTML responses from your origin to browsers.

You can manage CORS Header in the Medianova Panel or via API.

Log in to the Medianova Panel, select a CDN resource in the CDN section and navigate to the Headers tab.

Turn on CORS Header

By default, CORS Header is disabled. Click the Status toggle to turn on CORS Header.

CORS Header start screen

Configuration Options for CORS Header

Wildcard

When CORS Header is enabled, and no domains are configured for this feature, Medianova CDN edge servers will send the access-control-allow-origin: * header with HTML responses. The wildcard * gives browsers permission to load cross-origin web page resources from any domain.

Domains Allow List

Add domains to the CORS Header domains list to allow browsers to load cross-origin resources only from those domains. For example, if your website https://www.shop.com uses web fonts on https://fonts.shop.com and you want to prevent other websites from loading your web fonts, add the fonts.shop.com domain to the CORS Header domains list. Medianova CDN servers will then send HTML responses to browsers with the access-control-allow-origin: https://fonts.shop.com header.
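How a browser evaluates the two header values described above, as an added example (not Medianova's code): the value is compared with the origin of the page making the request, and the wildcard is not accepted for requests that send credentials. The page URLs, function names and reason strings are assumptions made for illustration.

```javascript
// Added example: models the browser's check of Access-Control-Allow-Origin.
// Header values are the two the page describes; page URLs are constructed.
const WILDCARD_RESPONSE = [['access-control-allow-origin', '*']];
const ALLOWLIST_RESPONSE = [['access-control-allow-origin', 'https://fonts.shop.com']];

// Serialized origin (scheme://host[:port]) of the page making the request.
function originOf(pageUrl) {
  return new URL(pageUrl).origin;
}

// All values of one response header, matched case-insensitively by name.
function headerValues(headers, name) {
  return headers
    .filter(([k]) => k.toLowerCase() === name)
    .map(([, v]) => v.trim());
}

function corsDecision(headers, pageUrl, { credentials = false } = {}) {
  const origin = originOf(pageUrl);
  const acao = headerValues(headers, 'access-control-allow-origin');
  if (acao.length === 0) return { allowed: false, reason: 'header missing' };
  // The header carries one value; a list of origins never matches.
  if (acao.length > 1 || /[,\s]/.test(acao[0])) {
    return { allowed: false, reason: 'multiple values' };
  }
  if (acao[0] === '*') {
    // The wildcard is not honoured for requests that send credentials.
    return credentials
      ? { allowed: false, reason: 'wildcard with credentials' }
      : { allowed: true, reason: 'wildcard' };
  }
  // Otherwise the value must equal the requesting origin exactly.
  if (acao[0] !== origin) return { allowed: false, reason: 'origin mismatch' };
  if (credentials) {
    const acac = headerValues(headers, 'access-control-allow-credentials');
    if (acac[0] !== 'true') return { allowed: false, reason: 'credentials not allowed' };
  }
  return { allowed: true, reason: 'origin match' };
}

for (const [label, headers] of [['wildcard', WILDCARD_RESPONSE], ['allow list', ALLOWLIST_RESPONSE]]) {
  for (const page of ['https://fonts.shop.com/index.html', 'https://other.example/']) {
    console.log(label, page, corsDecision(headers, page));
  }
}
```

The same function can be run against headers captured from an edge response to confirm which configuration is live.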
