What does the same-origin policy regulate in web security?



Explanation:
The same-origin policy creates a security boundary between websites. Under it, a document or script loaded from one origin can interact only with resources from that same origin, where two URLs share an origin only if their scheme, host, and port all match. If code from one site tries to read or modify data from another site, the browser blocks it unless the other site explicitly allows it through a controlled mechanism like CORS. This helps prevent cross-site attacks in which a malicious site could read private data or perform actions on another site where you’re logged in. The policy isn’t about how passwords are stored or how data is encrypted in transit, and it doesn’t define cookies; those are separate concerns. The central idea is restricting cross-origin interactions to protect user data unless an explicit, safe permission is provided.

