Let's say that I own 2 domains www.xyz.com and ajax.xyz.com. I'd like to load my HTML and javascript from the site with prefix www and then execute an ajax request to the site prefixed with ajax. Will the same origin policy block my ajax request from www.xyz.com to ajax.xyz.com or will it work without using the Access-Control-Allow-Origin header.
Regards
Subdomains are considered different domains, you'll have to set the CORS headers