# CORS for remote URLs

This applies when using `videoSrc` or `imageSrc` on another domain.

### Requirements

* The media server must return appropriate CORS headers.
* `GET` must be allowed for the media resource.
* `Access-Control-Allow-Origin` must include the front origin.
  * Example: `https://app.posetracker.com`

If CORS is missing or incorrect, the browser may block pixel access. The page reports an `error` message such as:

* `video_load_error`
* `image_load_error`
* `cross_origin_video`

### Example: S3 CORS configuration

A bucket CORS rule that allows `GET` from `https://app.posetracker.com`:

```json
[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET"],
    "AllowedOrigins": ["https://app.posetracker.com"],
    "ExposeHeaders": []
  }
]
```