In HTML5, some HTML elements which provide support for CORS, such as <img>, <video> or <script>, have a crossorigin attribute (crossOrigin property), which lets you configure the CORS requests for the element's fetched data. These attributes are enumerated, and have the following possible values:

Keyword Description
anonymous CORS requests for this element will not have the credentials flag set.
use-credentials CORS requests for this element will have the credentials flag set; this means the request will provide credentials.

By default (that is, when the attribute is not specified), CORS is not used at all. The "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication as described in the Terminology section of the CORS specification.

An invalid keyword and an empty string will be handled as the anonymous keyword.

Example: crossorigin with the script element

You can use the following <script> element to tell a browser to execute the https://example.com/example-framework.js script without sending user-credentials.

<script src="https://example.com/example-framework.js"
        crossorigin="anonymous"></script>

Specifications

Specification Status Comment
HTML Living Standard
The definition of 'CORS settings attributes' in that specification.
Living Standard  
HTML Living Standard
The definition of 'crossorigin' in that specification.
Living Standard  

Browser compatibility

<script crossorigin>

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidiOS SafariSamsung Internet
Basic supportChrome Full support 30Edge Full support YesFirefox Full support 13IE No support NoOpera Full support 12Safari Full support Yes
Notes
Full support Yes
Notes
Notes The crossorigin attribute was implemented in WebKit in WebKit bug 81438.
WebView Android Full support YesChrome Android Full support YesEdge Mobile ? Firefox Android Full support 14Opera Android ? Safari iOS ? Samsung Internet Android Full support Yes

Legend

Full support  
Full support
No support  
No support
Compatibility unknown  
Compatibility unknown
See implementation notes.
See implementation notes.

<video crossorigin>

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidiOS SafariSamsung Internet
Basic supportChrome ? Edge Full support YesFirefox Full support 12IE ? Opera ? Safari ? WebView Android ? Chrome Android ? Edge Mobile Full support YesFirefox Android Full support 14Opera Android ? Safari iOS ? Samsung Internet Android ?

Legend

Full support  
Full support
Compatibility unknown  
Compatibility unknown

See also

Document Tags and Contributors

Last updated by: sideshowbarker,