VAST Video Ads and the CORS header
Written by Roy
May 18, 2022 • 3 min read
Are you performing Quality Assurance checks on VAST creatives? One of the first things we want to check is the presence of the CORS header (access-control-allow-origin). Learn why CORS should be on #1 of your QA checklist.
What is this all about?
The security restriction on XHR requests is meant to avoid issues with people being logged in on a different website that is displayed in the browser bar. In theory, someone could steal account information if the same-origin policy was not applied.
What if the CORS header is missing?
If this HTTP header is not added to the response, a VAST-compliant video player will not be able to fetch ads. You may want to reach out to your advertiser or ad server vendor to address the issue.
How can I check if the CORS header is present?
There a simple and an even more simple way to check the CORS header:
What should be the value of the CORS header?
It should either echo the origin, or be a wildcard. For example, if the VAST video player runs on publisher.com, the ad server hosting the VAST tag should add the following HTTP header:
To use a wildcard, which essentially allows every domain to load the tag, the following header should be added:
open_in_newWhat Google says about CORS