Free CORS Tester Online — Check CORS Configuration
Test any URL for CORS configuration and Access-Control headers
Sends an OPTIONS preflight request to the target URL and inspects the CORS-related response headers.
Frequently Asked Questions
What is CORS?
Cross-Origin Resource Sharing (CORS) is a browser security mechanism that controls which websites can make requests to your API or server from a different domain.
What is a CORS misconfiguration?
Common misconfigurations include using wildcard (*) for Access-Control-Allow-Origin, allowing credentials with wildcard origins, or reflecting arbitrary Origin headers.
How do I fix CORS errors?
Set specific allowed origins instead of wildcards, only allow necessary HTTP methods and headers, and never allow credentials with wildcard origins.
For authorized, legal, and ethical security testing only. Scans are rate-limited to 3 per day on the free tier.