Every ad GET is doing a lot of things that violate that edict.
replyYes, but if ads do it, that would at worst make the ad server vulnerable, not your server.
replyYou apparently understand less than me. The little I do understand is that CORS is protection for a site's user, not the site.
replyIt's a protection of site's business model.
reply