Socket.IO is really good at getting around cross-domain issues when you create a request from a client in a different domain than the domain your server lives on. You can easily include the Socket.IO script from a different domain on your page. It will work just as you may expect it to.
There are some instances where you may not want your Socket.IO events to be available to every other domain. Not to worry! We can easily whitelist only the http referrers that we want so that some domains will be allowed to connect and other domains won't.
To lock down the HTTP referrer and only allow events to whitelisted domains, follow these steps: