The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors. For example, it prevents a malicious website on the Internet from running JS in a browser to read data from a third-party webmail service (which the
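To make "one origin" versus "another origin" concrete, here is an added example (not code from the original page) that compares URLs the way the same-origin policy does: an origin is the scheme, host and port tuple, and the path, query and fragment play no part. The function names `originOf` and `isSameOrigin` and all sample URLs are constructed for illustration.

```javascript
// Added example: origin comparison using the standard WHATWG URL parser.

// Return the serialized origin ("scheme://host[:port]") of a URL, or null when
// the URL cannot be parsed or has an opaque origin (data:, file: and similar
// URLs serialize their origin as the string "null").
function originOf(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null; // not an absolute URL, so there is no origin to compare
  }
  return parsed.origin === "null" ? null : parsed.origin;
}

// Two URLs are same-origin only if scheme, host and port all match.
// Opaque origins are treated as never matching, even for identical URLs.
function isSameOrigin(a, b) {
  const originA = originOf(a);
  const originB = originOf(b);
  if (originA === null || originB === null) return false;
  return originA === originB;
}

// Constructed sample: a webmail page and resources a script might try to read.
const page = "https://mail.example.com/inbox";
const candidates = [
  "https://mail.example.com/api/messages?id=1", // same origin: only the path differs
  "https://mail.example.com:443/settings",      // same origin: 443 is the https default
  "http://mail.example.com/inbox",              // different scheme
  "https://mail.example.com:8443/inbox",        // different port
  "https://example.com/inbox",                  // different host (parent domain)
  "https://attacker.example/inbox",             // unrelated host
  "data:text/html,<p>hi</p>",                   // opaque origin
];

function report() {
  return candidates.map((url) => ({ url, sameOrigin: isSameOrigin(page, url) }));
}

for (const row of report()) {
  console.log(`${row.sameOrigin ? "same-origin " : "cross-origin"}  ${row.url}`);
}
```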