Cross-domain requests by DNS name rebinding. A domain name server at a first domain name receives an initialization request from a user agent device. The request designates a class of domain names to be resolved to an IP address belonging to a second domain name to which the user agent device seeks to issue a safe cross-domain request. That request will be directed to the first domain name, but serviced by a server belonging to the second. In a DNS cache of the user agent, the first domain name is bound to an IP address belonging to the first domain, and to an IP address belonging to the second domain name. This binding is established by providing two or more IP address resource records resolving the designation of the class of domain names, having the relevant IP addresses, and ensuring that the first domain name is pinned to the first IP address in a DNS cache of the user agent device, and that others of the IP addresses are stored in the user agent's DNS cache as alternative binding(s) to the first domain name, and then invalidating the first IP address, so that the binding falls through to an alternative one of the IP addresses.