requests, meaning that a web application running from one origin cannot retrieve data
served from a different origin. For VAST, this security restriction prevents
a VAST ad response served from a different origin.
Access-Control-Allow-Origin: <origin header value> Access-Control-Allow-Credentials: trueThis HTTP header allows an ads player on any origin to read the VAST response from the ad server origin. The value of
should be the value of the
Origin header sent with the ad request.
Access-Control-Allow-Credentials: header ensures that
cookies are sent and received properly.
For more information, refer to the W3C Draft Specification on Cross-Origin Resource Sharing