SecPlusTrainer / Glossary / What is Same-Origin Policy (SOP)?
D2 · Threats

What is Same-Origin Policy (SOP)?

Same-Origin Policy (SOP) prevents JavaScript from making requests to a different origin (scheme + domain + port) — a fundamental browser security control preventing XSS cross-site data theft.
CORS (Cross-Origin Resource Sharing) is the controlled mechanism to relax SOP. A wildcard CORS policy (Access-Control-Allow-Origin: *) on sensitive APIs is a critical vulnerability. SOP is why XSS is dangerous — it bypasses SOP.

Related Terms

What is adversarial AI in cybersecurity? What is an aggregation attack? What is anti-forensics? What is an attack surface?
← Back to Glossary Practice Questions →