cross-origin() for url()
Limited availability
The url() CSS function accepts a cross-origin() modifier to control cross-origin resource sharing (CORS) when requesting the URL. For example, url("https://example.com" cross-origin(anonymous))) does not send credentials to the URL.
Browser support
- Chrome 150 Released on 2026-06-30
- Chrome Android 150 Released on 2026-06-30
- Edge 150 Released on 2026-07-02
- Firefox Not supported Bugs: 2047126 2038424
- Firefox for Android Not supported Bugs: 2038424
- Safari 26.2 Released on 2025-12-12
- Safari on iOS 26.2 Released on 2025-12-12
Baseline availability blocked since July 2026 by Firefox (0 months)
Need this feature?
Leave a 👍 on the feedback issue
Don't forget to also leave a comment explaining your specific use case.
MDN documentation
No MDN documentation found. You can search for the feature on MDN. If you believe that MDN has no documentation about this feature, you can open an issue on MDN's GitHub repository.View as JSON | Edit this feature | Report an issue | Web-features entry: source, dist