W3cubDocs

document.domain

The domain property of the Document interface gets/sets the domain portion of the origin of the current document, as used by the same origin policy.

Syntax

var domainString = document.domain;
document.domain = string;

Value

The domain portion of the current document's origin.

Exceptions

SecurityError

An attempt has been made to set domain under one of the following conditions:

the document is inside a sandboxed <iframe>
the document has no browsing context
the document's effective domain is null
the given value is not equal to the document's effective domain (or it is not a registerable domain suffix of it)
the document-domain Feature-Policy is enabled

Example

// for document www.example.xxx/good.html,
// this script closes the window
var badDomain = "www.example.xxx";

if (document.domain == badDomain)
   window.close(); // Just an example - window.close() sometimes has no effect.

// For the URI http://developer.mozilla.org/en-US/docs/Web the
// following sets domain to the string "developer.mozilla.org"
var domain = document.domain;

Notes

This property used to return null if the domain of the document could not be identified, although this has now changed as of Firefox 62 — see the discussion in bug 819475.

Mozilla will let you set it to a superdomain of the current value, constrained by its base domain. For example, on developer.mozilla.org it is possible to set it to "mozilla.org" but not "mozilla.com" or "org".

If this property is successfully set, the port part of the origin is also set to null.

Mozilla distinguishes a document.domain property that has never been set from one explicitly set to the same domain as the document's URL, even though the property returns the same value in both cases. One document is allowed to access another if they have both set document.domain to the same value, indicating their intent to cooperate, or neither has set document.domain and the domains in the URLs are the same (implementation). Were it not for this special policy, every site would be subject to XSS from its subdomains (for example, https://bugzilla.mozilla.org could be attacked by bug attachments on https://bug*.bugzilla.mozilla.org).

Specifications

Specification	Status	Comment
HTML Living Standard The definition of 'Document.domain' in that specification.	Living Standard

Browser compatibilityUpdate compatibility data on GitHub

	Desktop
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari
Basic support	Yes	?	Yes Yes From Firefox 62, if the domain cannot be identified, `domain` returns an empty string instead of `null`. See bug 819475.	?	?	?

	Mobile
	Android webview	Chrome for Android	Edge Mobile	Firefox for Android	Opera for Android	iOS Safari	Samsung Internet
Basic support	Yes	Yes	?	Yes Yes From Firefox 62, if the domain cannot be identified, `domain` returns an empty string instead of `null`. See bug 819475.	?	?	?