Custom CORS with API

Cross-Origin Resource Sharing (CORS) is a security mechanism that web browsers use to regulate how websites from different domains (origins) can communicate with one another. By default, incorporates a wildcard (*) in CORS for all its commercial plans. This means that a wildcard symbol (*) is inserted into the HTTP response header, specifically into the Access-Control-Allow-Origin. This instructs the web browser to accept all requests made to

CORS in HTTP header (access-control-allow-origin)

If you wish to enhance the security of your web application, you could specify the origin domain that is permitted to access the resource in the ‘Security’ section of your subscription page on This ensures that your API endpoint can be accessed exclusively through your web application from the permitted domain. In the following example, it means that your API endpoint would only accept requests sent from

Customize the permitted domain for CORS

Please note that this custom CORS only available for Starter Plan onward. Read more about CORS.


Find a solution that help in your business.

Was this article helpful?

Related Articles