Compliance Code: ‐20500 ‐ Access‐Control‐Allow‐Origin - icann/rdap-conformance-tool GitHub Wiki

The "access-control-allow-origin" HTTP header is part of the Cross-Origin Resource Sharing (CORS) mechanism to help applications that run inside of web browsers to access web APIs, such as RDAP.

Section 1.14 of the 2024 ICANN RDAP Technical Implementation Guide (TIG) states:

1.14. When responding to RDAP valid requests, an RDAP server MUST include the Access-Control-Allow-Origin response header, as specified by [W3C.REC-cors-20140116]. Unless otherwise specified, a value of "*" MUST be used.

NOTE: This is in section 1.13 of the 2019 TIG

This means that an RDAP server must set the "access-control-allow-origin" HTTP header to the value "*":

access-control-allow-origin: *

NOTE: HTTP headers are not required to be capitalized.