CORS Tester
// Test CORS configuration by making fetch requests
Note: Browser-based CORS testing is limited. The browser enforces CORS policies, so if the server does not allow your origin, the request will fail and response headers will be hidden. For comprehensive testing, use
curl -v from your terminal. Access-Control-Allow-Origin: The allowed origin(s), e.g. * or https://yourdomain.com
Access-Control-Allow-Methods: Allowed HTTP methods, e.g. GET, POST, PUT
Access-Control-Allow-Headers: Allowed request headers, e.g. Content-Type, Authorization
Access-Control-Allow-Credentials: Set to true if cookies/auth needed
#About CORS Tester
Free online CORS tester. Test Cross-Origin Resource Sharing configuration by making browser fetch requests and inspecting CORS response headers. This tool runs entirely in your browser — your data is never sent to a server. Just paste your input, get instant results, and copy with one click. No sign-up or installation required.
#FAQ
Why does my CORS test fail even though my server is configured correctly? ▾
Browser-based CORS testing sends requests from this tool domain as the origin. If your server only allows specific origins, requests from this tool will be blocked. Use curl or a server-side tool to test CORS headers directly without browser restrictions.
What is a CORS preflight request? ▾
A preflight request is an OPTIONS request the browser sends before the actual request when using non-simple methods (PUT, DELETE) or custom headers. The server must respond with appropriate Access-Control-Allow-* headers for the actual request to proceed.
</> Embed this tool ▾
Copy this code to embed the tool on your website. Adjust the height to fit your layout.
<iframe src="https://www.browserutils.dev/embed/cors-tester" width="100%" height="500" frameborder="0" title="CORS Tester"></iframe>