HTML <img> crossorigin Attribute

The crossorigin attribute on an <img> tag specifies that CORS is supported when loading an image from a third party server or domain.

Example

#

A crossorigin attribute on an <img> element.
With this attribute, the image supports CORS. No credentials are sent when the image file is retrieved.

Van Gogh, self-portrait
<img crossorigin="anonymous" 
     src="/img/html/vangogh.jpg" alt="Van Gogh, self-portrait">

Note: the example image is not retrieved from a third party server, but you get the idea.


Using crossorigin

The crossorigin attribute specifies that the img element supports CORS.

CORS stands for Cross Origin Resource Sharing.

CORS is a standard mechanism to retrieve files from a third party domain or server.

If specified, the image file request will be sent with or without credentials.

Note:  This attribute is only relevant when the image is retrieved from a third party server or domain. Do not use this attribute when the image is on your own server.


Syntax

<img crossorigin="anonymous | use-credentials">

Values

#

Value Description
anonymous or "" or blank A cross-origin request will be sent without credentials and performs basic HTTP authentication. This is the default. Note: crossorigin="anonymous", crossorigin="", and crossorigin are all the same.
use-credentials A cross-origin request will be sent with credentials, cookies, and certificate.

Browser support

Here is when crossorigin support started for each browser:

Chrome
30.0 Sep 2013
Firefox
13.0 Jun 2012
IE/Edge
18.0 Jan 2020
Opera
12.0 Jun 2012
Safari
1.0 Jan 2003

You may also like

 Back to <img>
Guides