Using the Cross-Domain Requests setting, specify how the system validates cross-

domain requests
(such as requests for non-HTML resources like embedded images, CSS style sheets,
XML,
JavaScript, or Flash).
Cross-domain requests are requests with different domains in the Host and Referrer
headers.
Option Description
Allow all requests Allows requests arriving to a non-HTML URL referred by a
different
domain and without a valid cookie if they pass a simple challenge. The
system sends a challenge that tests basic browser capabilities, such as
HTTP redirects and cookies.
Allow configured
domains; validate in
bulk
Allows requests to other related internal or external domains that are
configured in this section, and validates the related domains in advance.
The requests to related site domains must include a valid cookie from
one of the site domains; the external domains are allowed if they pass a
simple challenge. Choose this option if your web site does not use many
domains, and then include them all in the lists below.
Also, if your website uses CORs, select this option and then specify the
WebSocket domain in the Related Site Domains list.
Allow configured
domains; validate upon
request
Allows requests to other related internal or external domains that are
configured in this section. The requests to related site domains must
include a valid cookie from the main domain; the external domains are
allowed if they pass a simple challenge. Choose this option if your web
site uses many domains, and include the main domain in the list below.