> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formbase.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# CORS Policies

> Cross-origin rules for Formbase endpoints.

Formbase is designed to accept submissions from any frontend. The `/s/<form-id>` endpoint includes permissive CORS headers so you can post from different domains without extra configuration.

This is especially useful for static sites, Jamstack apps, and client-side forms.

## Default CORS behavior

* `Access-Control-Allow-Origin: *`
* `Access-Control-Allow-Methods: POST, OPTIONS`
* `Access-Control-Allow-Headers: Content-Type, Authorization`

Formbase also responds to `OPTIONS` preflight requests.

<Callout type="note">
  If you self-host and want stricter CORS rules, place Formbase behind a proxy that enforces allowed origins.
</Callout>