chevron_rightAd Tags
chevron_rightHTML5 Ads
chevron_rightVAST Tags
chevron_rightVideo Ads
Ad Load Size Detector
Initial Load Detector
Host-initiated Subload Detector
Network Requests Detector
CPU Usage Tester
DOMContentLoaded Detector
Ad Size Validator
Has Video Detector
Memory Usage Detector
SSL-Compatibility Detector
Iframe Count Detector
Cookies Dropped Detector
Chrome Heavy Ad Intervention Detector
JavaScript Error Detector
Console Warning Detector
Mobile Friendly Tester
Creative Rendered Detector
Blocked by AdBlock Detector
Document.write() Detector
Creative Border Detector
Ad Server Vendor Detector
Missing Asset Detector
Dialog and Modal Detector
Measurement Pixels Detector
Local Storage Detector
HTML Syntax Error Detector
Ad Tag Landing Page Checker
Meta ad.size Detector
Click Tag Detector
CSS/JS Minified Detector
Image Optimization Detector
External Asset Detector
Uses jQuery Detector
HTML5 Library Detector
Hosted File Size Detector
HTML5 Allowed File Type Detector
Ad Load Size Detector
Initial Load Detector
Host-initiated Subload Detector
Network Requests Detector
CPU Usage Tester
DOMContentLoaded Detector
Ad Size Validator
Has Video Detector
Memory Usage Detector
SSL-Compatibility Detector
Iframe Count Detector
Cookies Dropped Detector
Chrome Heavy Ad Intervention Detector
JavaScript Error Detector
Console Warning Detector
Creative Rendered Detector
Blocked by AdBlock Detector
Document.write() Detector
Creative Border Detector
Missing Asset Detector
Dialog and Modal Detector
Measurement Pixels Detector
Local Storage Detector
HTML Syntax Error Detector
VAST Ad System Detector
VAST CORS Header Detector
VAST Creative Count Detector
VAST SSL-Compatibility Tester
VAST Version Detector
VAST Wrapper Redirect Detector
VAST XML Content-Type Detector
VAST XML Load Time Detector
VAST HTTP Code Detector
VAST XML File Size Detector
VAST Impression Logging Detector
VAST Audio Channels Detector
VAST Audio Compression Detector
VAST Audio Sample Rate Detector
VAST Audio Codec Detector
VAST Audio Loudness Detector
VAST True Peak Detector
VAST Audio Bit Rate Detector
VAST Video Aspect Ratio Detector
VAST Video Dimensions Detector
VAST Video Duration Detector
VAST Video Bit Rate Detector
VAST Video Bit Rate Mode Detector
VAST Video Chroma Subsampling Detector
VAST Video Color Space Detector
VAST Video Frame Rate Detector
VAST Video File Size Detector
VAST Video Container Detector
VAST Video File Extension Detector
VAST Video Codec Detector
VAST MOOV Atom Location Detector
VAST Delivery Type Detector
VAST Skip Offset Detector
VAST Video Mime-Type Detector
Video Codec Detector
Aspect Ratio Detector
Video Dimension Detector
Video Frame Rate Detector
MOOV Atom Position Detector
Video Color Space Detector
Video Chroma Subsampling Detector
Audio Codec Detector
Audio Loudness Detector (LUFS)
Audio True Peak Detector
Audio Sample Rate Detector
Audio Channel Detector
Audio Compression Detector
Audio Bit Rate Detector
Video Container Format Detector
Video Bit Rate Detector
Bit Rate Mode Detector
File Size Detector
File Extension Detector
Video Duration Detector
Video Mime Type Detector
document_scanner
Ad Tag Tester
CPU/RAM usage, Dimensions, SSL...
document_scanner
HTML5 Ad Validator
Initial Load, Click Tags, Meta ad.size...
document_scanner
VAST Validator
Audio Loudness, Video Codecs, Dimensions...
document_scanner
Video Validator
MOOV Atoms, Audio Loudness, Bit Rates...
headset
Live Chat Online
Get instant answers to your questions
email
Contact Support
Reach out to see how AdValify can help
cloud
Network Status
See live network status updates
emoji_events
Customer Testimonials
Read what others have to say about AdValify
auto_stories
User Guide
Get started with AdValify in seconds
document_scanner
Creative QA Tests
CPU/RAM usage, Initial Load, SSL, etc.
emoji_events
Customer Testimonials
Read what others have to say about AdValify
api
API: Ad Tag Tester
API docs to validate ad tags
api
API: HTML5 Ad Validator
API docs to validate HTML5 ads
api
API: VAST Validator
API docs to validate VAST ads
open_in_new
GitHub PHP Class
PHP Ad Validator Class
public
Network Status
Live infrastructure status
AdValify.io Logo
AdValify
Automated Ad Validation
 
Share with
your colleagues!

VAST Video Ads and the CORS header

Written by Roy
Apr 5, 2022 • 3 min read

Are you performing Quality Assurance checks on VAST creatives? One of the first things we want to check is the presence of the CORS header (access-control-allow-origin). Learn why CORS should be on #1 of your QA checklist.

What is this all about?

Web video players make an ad request to the ad server using the JavaScript XMLHttpRequest (XHR). Browsers apply a security restriction called same-origin to these XHR requests, meaning that publisher.com cannot retrieve data served from advertiser.com. This is exactly the setup we see with VAST video ads.

The security restriction on XHR requests is meant to avoid issues with people being logged in on a different website that is displayed in the browser bar. In theory, someone could steal account information if the same-origin policy was not applied.

What if the CORS header is missing?

If this HTTP header is not added to the response, a VAST-compliant video player will not be able to fetch ads. You may want to reach out to your advertiser or ad server vendor to address the issue.

How can I check if the CORS header is present?

There a simple and an even more simple way to check the CORS header:

  • Use Chrome. Open Chrome Dev Tools (CTRL + SHIFT + J) and click the Network tab. Then, load the VAST tag URL and check the response headers of the HTTP request.
    vast_cors_ss1.png
  • Use CreativeQA.io. Go to creativeqa.io/vast-tag-tester and enter your VAST URL in the box. Launch the scan and you'll get a quality assurance report that mentions presence of the CORS header. If the test fails, you may want to contact your advertiser or ad server vendor to have the issue fixed.
    vast_cors_ss2.png
    The VAST inspector has 34 free Quality Assurance tests that let you pre-validate video ads before they go live. Think about the video codec, a skip option, HD/FHD requirements, mime-types, download speed and many more.

What should be the value of the CORS header?

It should either echo the origin, or be a wildcard. For example, if the VAST video player runs on publisher.com, the ad server hosting the VAST tag should add the following HTTP header: Access-control-allow-origin: publisher.com

To use a wildcard, which essentially allows every domain to load the tag, the following header should be added: Access-control-allow-origin: *

External Resources

More from AdValify.io