The page includes one or more script files from a third-party domain.
By default, websites are only allowed to access data if they are from the same origin. This is a key application security principle and is governed by the same-origin policy (defined by RFC 6454). An origin is defined as the combination of URI schemes (HTTP or HTTPS), hostname, and port number. However, this policy is not applicable for HTML <script> tag inclusions. This exception is necessary, as without it websites would not be able to consume third-party services, perform traffic analysis, or use advertisement platforms, etc.
Run our expert website security checkup and get your tailored security recommendations to protect your website.
The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets.