HTML <script> crossorigin Attribute

❮ HTML <script> tag


<script src="[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-U1DAWAznBHeqEIlVSCgzq+c9gqGAJn5c/t99JyeKa9xxaYpSvHU5awsuZVVFIhvj" crossorigin="anonymous"></script>


The crossorigin attribute specifies whether or not script error information will be revealed from the script(This is used only when scripts are being loaded from different origins).

The CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests.

The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.

Standard Syntax

<script crossorigin="anonymous|use-credentials"></script>

Browser Support


Attribute Values

Value Description
anonymous A cross-origin request is performed. No credentials are sent.
use-credentials A cross-origin request is performed. Credentials are sent (e.g. a cookie, a certificate, a HTTP Basic authentication).
❮ HTML <script> tag