---
title: "Cross-origin iframe access in chrome tests"
slug: "cross-origin-iframe-access-in-chrome-tests"
updated: 2025-05-12T20:40:21Z
published: 2025-05-12T20:40:21Z
canonical: "docs.catchpoint.com/cross-origin-iframe-access-in-chrome-tests"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.catchpoint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cross-origin iframe access in chrome tests

## Overview

Catchpoint Transaction tests (including playwright) often require access to cross-origin iframes within pages to interact with elements for clicking, typing and filling/submitting forms, etc. Due to security restrictions that prevent XSS attacks, Chrome prevents the Catchpoint agent from accessing cross-origin iframes not delivered with the Access-Control-Allow-Origin HTTP header. However, the **cross-origin policy is disabled by default** in Catchpoint.

You can still enable Chrome's cross-origin policy. You can configure this in the chrome test by checking the **Cross-Origin Iframe Do Not Allow** option under **Advanced settings** as shown in the screenshot below. By applying this setting, Chrome's cross-origin policy is enabled.

![Pic_14.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/4402389941901-Pic_14.png)

## Additional Notes

It has been found that some pages (or resources on those pages) are negatively affected by disabling web security in the Chrome browser. This may affect some bot detectors since bot detectors would check if the client can access the cross-origin iframes. So, if a site uses bot detection, it may block the test. Other solutions such as Optimizely may also be affected.