XOLab (Cross-Origin Lab): A laboratory environment for studying browser cross-origin interaction and isolation mechanisms)

XOLab (Cross-Origin Lab) is a reusable laboratory environment for studying browser cross-origin security behavior. The project provides two intentionally separated origins, frontend-a and api-b, exposed through Nginx reverse proxies and implemented with minimal Express applications. The laboratory supports experiments involving CORS, CSP, CORP, cross-origin fetch requests, image loading, canvas tainting, remote script loading, iframe embedding, and cookie-related behavior. Security and policy headers are primarily configured in Nginx, so that browser behavior can be inspected and compared by changing policy profiles. This release represents the initial manually validated laboratory baseline. Validation is performed in the browser through page output, Network activity, and Console messages in DevTools.