CORS Checker
Test CORS policy with a simple GET and OPTIONS preflight request from a custom origin.
CORS Checker validates Cross-Origin Resource Sharing configuration for an API. Performs preflight OPTIONS + real request, shows Access-Control-Allow-Origin / Methods / Headers. Diagnoses wildcard-with-credentials errors and missing preflight responses.
Simple Request (GET + Origin)
Preflight (OPTIONS)
Want a weekly re-check of this?
Drop your email — we will re-run this check every 7 days and alert you if anything degrades (SSL expiry, DNS change, header regression). Free.
One-click unsubscribe in every email. We never share email addresses. By subscribing you agree to our privacy policy.
How CORS Works
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that restricts cross-origin HTTP requests. When a browser makes a cross-origin request, it first sends an OPTIONS preflight to check what origins and methods are allowed. This tool simulates both a simple GET request and a preflight OPTIONS request with a configurable test origin, then analyses the Access-Control-* response headers for common misconfigurations.
Learn more
Frequently Asked Questions
What does the CORS checker do?
The tool analyzes Access-Control-* response headers: Allow-Origin (who can request), Allow-Methods (allowed verbs), Allow-Headers (permitted headers), Allow-Credentials (cookie handling). Debug CORS errors without DevTools.
Related guides
Longer-form reading on this topic from the knowledge base.
Automate this check
Set up continuous monitoring and get an alert when something breaks. No manual runs to remember.