Enable Cross-Origin Resource Sharing to Allow Cross-Site JSON

We just discovered our open data wasn't nearly as open as we believed.  Turns out for true cross-site requests of JSON data you need to add a HTTP Reponse Header:

 Access-Control-Allow-Origin: "*"

The method one uses to do so vary widely by webserver and host.  In our case, for IIS7 the simplest method was to configure it in the web.config:

<?xml version="1.0" encoding="utf-8"?>
        <add name="Access-Control-Allow-Origin" value="*" />

For more information on the why and how as well as directions for other webservers visit The folks behind also offer a solid overview of Cross-site XmlHttpRequest with CORS.  Use the form at to see if your site is CORS enabled.

At this time only IFWIS Core is CORS-Enabled on IDFG's website.