- September 12, 2023: Separated finding messages.
- September 10, 2018: Published.
⇤ Web Application Header Assessment
Optional for both HTTP/1.0 and HTTP/1.1
Access-Control-Allow-Origin specifies which domains can share resources. Setting this field to an asterisk (*) allows any domain to use these resources. For more information about this directive, see the W3 Access Control for Cross-Site Requests.
See finding messages.