Test CORS policy with a simple GET and OPTIONS preflight request from a custom origin.
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that restricts cross-origin HTTP requests. When a browser makes a cross-origin request, it first sends an OPTIONS preflight to check what origins and methods are allowed. This tool simulates both a simple GET request and a preflight OPTIONS request with a configurable test origin, then analyses the Access-Control-* response headers for common misconfigurations.
The tool analyzes Access-Control-* response headers: Allow-Origin (who can request), Allow-Methods (allowed verbs), Allow-Headers (permitted headers), Allow-Credentials (cookie handling). Debug CORS errors without DevTools.