+# Cross-origin resource sharing (CORS) is a mechanism to allow
+# cross-origin requests.
+#
+# The "cors-allowed-origin" option can be used to specify a
+# domain that is allowed to make requests to Privoxy CGI
+# interface via JavaScript. It is used in combination with the
+# trusted-cgi-referer directive.
+#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |Declaring domains the admin doesn't control |
+# |trustworthy may allow malicious third parties to |
+# |modify Privoxy's internal state against the user's |
+# |wishes and without the user's knowledge. |
+# +-----------------------------------------------------+
+#
+#cors-allowed-origin http://www.example.org/