Your web server must send the following response headers:
You can configure your server to do this or have SiteSpect add them. To use SiteSpect:
- Select Site, Configuration, Domains, then click Edit (little pencil icon) in the Actions column to edit the Domain you want to work on.
- Select the Header Control tab.
- In the Response Header Manipulation section of the page, use the two Header fields to enter the headers as follows:
- Rule: set
- Name: Access-Control-Allow-Origin
- Value: Use an asterisk “*” to mean all or enter the domain that is making the request.
- Rule: set
- Name: Access-Control-Allow-Headers
- Value: A comma-delimited list of the names of the headers to submit on requests
- The name of your Robot Disabling Cookie: To prevent the third-party site’s AJAX requests from being identified by SiteSpect as originating from a robot, the request must send an additional header that includes parameters for disabling robot detection. SiteSpect allows you to name and configure this header by selecting Site, Configuration, Domains, User Tracking. Scroll down to the bottom of the page to locate the Disable Robot Detection Header Name and Disable Robot Detection Header Value fields. Include the Robot Detection Header Name found here as one of the entries in the Value field for Access-Control-Allow-Headers.
- Have the third-party request resources from your site using AJAX.
- You must add a function that parses the custom X-Set-SiteSpect-Cookie header and saves the values in the correct cookies.
- The AJAX requests to your site must have an additional request header that contains your SiteSpect cookies: xhr.setRequestHeader('X-SiteSpect-Cookie', document.cookie);
- You must send the Disable Robot Detection Header Name and Value with this request.
- Upon successfully receiving the response to your AJAX request, you must parse the cookies from the header “X-Set-SiteSpect-Cookie” and save the values. We recommend using cookies under the third-party domain for this purpose.