Which statement describes the goal of the same-origin policy?

• A. It prevents cross-origin requests from accessing data across sites.
• B. It prevents data from being leaked to DNS.
• C. It ensures universal logging.
• D. It enforces device-level authentication.

Answer: (A)

The main idea is that a browser limits how code from one site can access data from another site. This protection prevents programs running on one origin from reading or modifying data on a different origin, unless the other site explicitly allows it (for example, with CORS).

In practice, this means a script on one site can’t freely read data like cookies, local storage, or the DOM from another site. The goal is to keep user data private and reduce the risk of cross-site attacks.

The other options aren’t about this access control: DNS leakage relates to domain-name lookups, universal logging isn’t about restricting data access between sites, and device-level authentication is about verifying the device itself, not controlling cross-origin data access.