# CORS

Cross-original resource sharing

> **External Access**
> By default Cachet can be accessed by any third-party server.

You may configure your Cachet installation for CORS very easily. To blacklist everybody except one or more domains:

- Login to your Dashboard
- Go to the Settings panel
- Click on Security
- You'll see a Allowed domains textarea, fill in any domains that you
  want to access the API as a comma separated list:

```
https://demo.cachethq.io,https://status.cachethq.io
```