By default, Cachet can be accessed by any third-party server. This may not be ideal for security reasons, so we recommend you configure CORS to only allow access from your own domains.You may configure your Cachet installation for CORS very easily. To blacklist everybody except one or more domains:
Login to your Dashboard
Go to the Settings panel
Click on Security
You’ll see textarea labelled Allowed domains. Fill in any domains that you want to access the API as a comma separated list: