More Demos

Rejecting Rogue Cross Origin Request - Secure Demo

rejectCOR.php located at is supposed to be accessible only from
So when a request comes from any website other than the request is not processed.
This prevents abuse of server resources due to unintended Cross Origin Requests.

PHP Source of

    if($_SERVER['HTTP_ORIGIN'] == "")
        echo date('l jS \of F Y h:i:s A');


To make a request to this page from and view the response click here.

Try making the same request from some other domain and capture the response in a proxy. The response would be blank.

Based on the COR examples from Mozilla and Arun Ranga