# CORS Configuration

**Introduction to CORS (Cross-Origin Resource Sharing)**

CORS, or Cross-Origin Resource Sharing, is a fundamental web security mechanism. It defines the rules for when and how a web page hosted on one domain can make requests to access resources, such as data or services, on another domain. CORS is a crucial aspect of web security, as it helps prevent malicious websites from making unauthorized requests to sensitive data.

**Understanding Allowed CORS hosts**

In Limio, the Allowed CORS hosts list serves as a whitelist, permitting specific domains to make cross-origin requests to the Limio API and access its resources.

The list allows "headless" access to APIs. This means that services or scripts running on servers or in environments without a traditional web browser (i.e., headless) can still make secure requests to the Limio API.

Go to General Settings > Site Security:

<figure><img src="https://2981049874-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fxxxhzz4ER0TH1oIFAttf%2Fuploads%2Fcc9aWS1GlJ3h2XTIZuLg%2Fimage.png?alt=media&#x26;token=b3660de2-5d5f-42d4-a0f3-9011b9fcef9b" alt=""><figcaption></figcaption></figure>
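
How a server-side check against a list of allowed CORS hosts can work, as an added example that is not Limio's code: the host names, the `ALLOWED_CORS_HOSTS` constant and all function names are assumptions for illustration. It matches the request's `Origin` header exactly and contrasts that with substring matching, which accepts look-alike hosts.

```javascript
// Added example: exact-match origin allowlist.
// Host names are constructed placeholders, not real Limio settings.
const ALLOWED_CORS_HOSTS = ["shop.example.com", "checkout.example.com"];

// Parse the Origin header; return a URL object only for a well-formed
// https origin (scheme + host + optional port and nothing else).
function parseOrigin(originHeader) {
  // Sandboxed frames and some redirects send the literal string "null".
  if (typeof originHeader !== "string" || originHeader === "null") return null;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return null; // not a URL at all
  }
  if (url.protocol !== "https:") return null;
  // A real Origin value round-trips unchanged: no path, query,
  // credentials, fragment or explicit default port.
  if (url.origin !== originHeader.toLowerCase()) return null;
  return url;
}

// Return the CORS response headers for an allowed origin, or null.
// With no CORS headers on the response, the browser blocks the read.
function corsHeadersFor(originHeader, allowedHosts = ALLOWED_CORS_HOSTS) {
  const url = parseOrigin(originHeader);
  if (url === null || !allowedHosts.includes(url.host)) return null;
  return {
    "Access-Control-Allow-Origin": url.origin,
    // The header value depends on the request, so caches must key on Origin.
    "Vary": "Origin",
  };
}

// Weak form, for comparison only: substring matching treats
// "shop.example.com.attacker.test" as if it were "shop.example.com".
function weakIsAllowed(originHeader, allowedHosts = ALLOWED_CORS_HOSTS) {
  return allowedHosts.some((h) => originHeader.includes(h));
}
```
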
