browserutils

CORS Tester

Test CORS configuration by making fetch requests

CORS Tester is a free online tool from BrowserUtils that test cors configuration by making fetch requests. It runs entirely in your browser — your data never leaves your device. No account required.

Note: Browser-based CORS testing is limited. The browser enforces CORS policies, so if the server does not allow your origin, the request will fail and response headers will be hidden. For comprehensive testing, use curl -v from your terminal.
Access-Control-Allow-Origin: The allowed origin(s), e.g. * or https://yourdomain.com
Access-Control-Allow-Methods: Allowed HTTP methods, e.g. GET, POST, PUT
Access-Control-Allow-Headers: Allowed request headers, e.g. Content-Type, Authorization
Access-Control-Allow-Credentials: Set to true if cookies/auth needed

Related guides

GlossaryWhat is CORS?

How to use CORS Tester

  1. 1 Paste or type your input into the editor above.
  2. 2 The tool processes your data instantly — right in your browser, with nothing sent to a server.
  3. 3 Copy the result with one click or continue editing your input.

About CORS Tester

Free online CORS tester. Test Cross-Origin Resource Sharing configuration by making browser fetch requests and inspecting CORS response headers. This tool runs entirely in your browser — your data is never sent to a server. Just paste your input, get instant results, and copy with one click. No sign-up or installation required.

CORS Tester specs

Runtime
100% client-side (browser)
Cost
Free — no account, no rate limits, no usage caps
Browser support
Chrome 90+, Firefox 88+, Safari 14+, Edge 90+
Part of
299 developer tools on BrowserUtils (100% client-side)

Questions

Why does my CORS test fail even though my server is configured correctly?
Browser-based CORS testing sends requests from this tool domain as the origin. If your server only allows specific origins, requests from this tool will be blocked. Use curl or a server-side tool to test CORS headers directly without browser restrictions.
What is a CORS preflight request?
A preflight request is an OPTIONS request the browser sends before the actual request when using non-simple methods (PUT, DELETE) or custom headers. The server must respond with appropriate Access-Control-Allow-* headers for the actual request to proceed.
What does Access-Control-Allow-Origin: * mean?
The wildcard * allows any origin to access the resource. This is fine for public APIs and static assets, but should not be used for endpoints that return private data or require authentication.
How do I fix CORS errors in my web application?
CORS errors are fixed on the server side by adding the correct Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers response headers. The CORS tester helps you verify which headers your server is returning.
Is the CORS tester safe to use with production APIs?
The tester sends standard HTTP requests from your browser. It does not modify your server configuration. However, be aware that the requests will come from this tool domain, so your server must allow that origin or use a wildcard.
Embed this tool

Copy this code to embed the tool on your website. Adjust the height to fit your layout.

<iframe src="https://www.browserutils.dev/embed/cors-tester" width="100%" height="500" frameborder="0" title="CORS Tester"></iframe>

Related tools

Security Headers Checker
Check and analyze HTTP security headers
CSP Header Generator
Generate Content Security Policy headers

More Security & Privacy

robots.txt GeneratorCSP Header GeneratorChmod Calculator.htpasswd GeneratorSSH Key GeneratorSRI Hash GeneratorPGP Key GeneratorPassword Strength Checker
View all Security & Privacy tools