What is the Same-Origin Policy?

Updated May 6, 2026

Short answer

The Same-Origin Policy (SOP) restricts how scripts loaded from one origin can interact with resources from another origin.

Deep explanation

It prevents a web page from accessing data from a different origin unless that access is explicitly allowed.

Real-world example

SOP prevents a malicious site from reading a user's bank data.

Common mistakes

  • Confusing SOP with CORS.

Follow-up questions

  • What defines an origin?
  • Can SOP be bypassed?
