The crossorigin attribute on an <img> tag specifies that CORS is supported when loading an image from a third party server or domain.
CORS is a standard mechanism used to retrieve files from other domains.
An <img> with a crossorigin attribute.
With this attribute, the image supports CORS. No credentials are sent when the image file is retrieved.
<img crossorigin="anonymous"
src="/img/html/vangogh.jpg" alt="Van Gogh, self-portrait">
Note: the example image is not retrieved from a third party server, but you get the idea.
The crossorigin attribute specifies that the img element supports CORS.
CORS stands for Cross Origin Resource Sharing.
CORS is a standard mechanism to retrieve files from a third party domain or server.
If specified, the image file request will be sent with or without credentials.
Note: This attribute is only relevant when the image is retrieved from a third party server or domain. Do not use this attribute when the image is on your own server.
<img crossorigin="anonymous | use-credentials">
| Value | Description |
|---|---|
| anonymous or "" or blank |
A cross-origin request will be sent without credentials and performs basic HTTP authentication.
This is the default. Note: crossorigin="anonymous", crossorigin="", and crossorigin are all the same.
|
| use-credentials | A cross-origin request will be sent with credentials, cookies, and certificate. |
Here is when crossorigin support started for each browser:
 Chrome
|
30.0 | Sep 2013 |
 Firefox
|
13.0 | Jun 2012 |
 IE/Edge
|
18.0 | Jan 2020 |
 Opera
|
12.0 | Jun 2012 |
 Safari
|
1.0 | Jan 2003 |
Back to <img>
