TryAPI/Free Tools
Sign in

CORS Checker

Check CORS headers for any URL. Understand Cross-Origin Resource Sharing configuration and troubleshoot CORS errors.

Enter URL

Note: This performs a client-side fetch. Some servers block browser requests regardless of CORS configuration.

How CORS Works

Cross-Origin Resource Sharing (CORS) is a security mechanism that allows a server to indicate which origins (domains) are permitted to read its resources from a web browser.

Simple Requests

GET, HEAD, POST with simple headers go directly to the server.

Preflight (OPTIONS)

Complex requests send an OPTIONS request first to check permissions.

Credentials

Cookies and auth headers require explicit allow-credentials header.

Common CORS Fixes

  • Missing Access-Control-Allow-Origin - Add the header to your server responses
  • Preflight failures - Ensure your server handles OPTIONS requests
  • Credentials with wildcard - Cannot use * with credentials; specify exact origin
  • Custom headers - List them in Access-Control-Allow-Headers