CORS is a browser security mechanism that restricts resources on a web page from being requested from another domain. A weak CORS configuration (such as reflecting the Origin header blindly or enabling wildcards with credentials enabled) allows malicious websites to read sensitive data from your web application on behalf of authenticated users.
To resolve this vulnerability, follow these config changes or developer practices:
After applying the remediation, run an external attack-surface scan to verify that the vulnerability is no longer detected by WebScanify.
Run a free security scan now to identify missing headers, outdated JS, and other deployment vulnerabilities.