
Same Origin Policy to Images and CSS

A website can embed images from any other website on the internet. The interesting thing to notice is that sites can't read the image data from other sites.

CSS

In the same way, any website can load CSS from any other website. Almost every application uses this method these days. But sites can't read the CSS data from other websites.

Demo

  1. Open sitea.com
  2. Open the developer console
  3. Type
     document.styleSheets
  4. You will notice CSS rules, media, type and many other things
  5. Now go to the Inspector tab and change the CSS URL inside the head element to any other site's CSS.
  6. In my case, I have pointed the href URL to siteb's CSS file
  7. You will notice no rules, no media
  8. This way, if there is any sensitive data in the CSS, sitea cannot read that data from siteb
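The check from the demo can be scripted so that every loaded stylesheet is classified in one pass. This is an added example, not code from the original page; the function names, the `https://` URLs and file paths, and the sample sheet objects are constructed for illustration. It also covers current browsers, which throw a `SecurityError` when a cross-origin sheet's `cssRules` is accessed rather than showing an empty list.

```javascript
// Added example: report which stylesheets the page is allowed to read.
// In a browser console it inspects document.styleSheets; elsewhere it
// falls back to constructed sample objects so it can run offline.

function inspectSheet(sheet) {
  const info = { href: sheet.href || "(inline)", readable: false, ruleCount: 0, reason: null };
  try {
    const rules = sheet.cssRules; // cross-origin sheet: throws, or yields null
    if (rules === null || rules === undefined) {
      info.reason = "rules not exposed";
    } else {
      info.readable = true;
      info.ruleCount = rules.length;
    }
  } catch (err) {
    info.reason = err.name; // "SecurityError" in current browsers
  }
  return info;
}

function auditSheets(sheets) {
  // StyleSheetList is array-like, so Array.from handles it and plain arrays.
  return Array.from(sheets, inspectSheet);
}

// Constructed stand-in for a cross-origin sheet whose rules are blocked.
function makeBlockedSheet(href) {
  return {
    href,
    get cssRules() {
      const e = new Error("Cannot access rules");
      e.name = "SecurityError";
      throw e;
    },
  };
}

// Constructed sample: one same-origin sheet, two cross-origin ones.
const sampleSheets = [
  { href: "https://sitea.com/style.css",
    cssRules: [{ cssText: "body { margin: 0 }" }, { cssText: "p { color: red }" }] },
  makeBlockedSheet("https://siteb.com/style.css"),
  { href: "https://siteb.com/legacy.css", cssRules: null },
];

const target = typeof document !== "undefined" ? document.styleSheets : sampleSheets;
console.table(auditSheets(target));
```

Pasted into the console on sitea.com before and after step 5, the row for the swapped stylesheet changes from readable with a rule count to unreadable with a reason.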