Required Permission: Settings management (Read more about permissions in User Groups)

Cross-Origin Resource Sharing (CORS) is an HTTP-header-based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. This means that a web application can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.

CORS configuration is required in the case of embedding Graphlytic application into other websites, usually in Integration using iframe .

Explanation of the CORS panel UI fields

UI field

Default value




Turn on/off embedding of Graphlytic application.


A list of all domains for which the embedding will be turned on. When the specified domain does not include sub-domain then all sub-domains are enabled (e.g. using “” will allow also “”, “”, etc.)

If the list is empty then all domains are allowed.