![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 24%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,805 questions
If you are looking to prevent CORS, you could directly use the cors policy.
That being said, you could simply use the check-header policy to look at the Host header for the URL used by your client but note that the value of the header can be spoofed from untrusted clients. While browsers add that header by default (and can't be changed), other clients, like Postman for example, could be used to insert any host header value required.