CORS Header Generator

// Generate CORS headers configuration

Allow Origin

Allowed Methods

Allow Headers

Expose Headers

Max Age (seconds)

Allow Credentials

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Max-Age: 86400

#About CORS Header Generator

Free online CORS header generator. Generate Access-Control-Allow-Origin and other CORS headers for your API. Get configuration for Express, Nginx, Apache, and more. This tool runs entirely in your browser — your data is never sent to a server. Just paste your input, get instant results, and copy with one click. No sign-up or installation required.

#FAQ

What is CORS? ▾

CORS (Cross-Origin Resource Sharing) is a security mechanism that allows web applications on one domain to request resources from another domain. It uses HTTP headers to tell browsers which cross-origin requests should be permitted.

What is the Access-Control-Allow-Origin header? ▾

The Access-Control-Allow-Origin header specifies which origins are allowed to access the resource. It can be set to a specific origin (e.g., https://example.com), or * to allow any origin (not recommended for credentialed requests).

</> Embed this tool ▾

Copy this code to embed the tool on your website. Adjust the height to fit your layout.

<iframe src="https://www.browserutils.dev/embed/cors-header-generator" width="100%" height="500" frameborder="0" title="CORS Header Generator"></iframe>

#Related

HTTP Headers Reference

Searchable reference of HTTP headers

CSP Header Generator

Generate Content Security Policy headers

.htaccess Generator

Generate .htaccess rules (redirects, rewrites, etc.)