Get Started Client Area

CORS Checker

Test Access-Control-Allow-Origin, credentials, methods, and preflight. Use with HTTP Headers Checker and SSL Checker for full security checks.

The origin to send in the request. Default: https://example.com
Send an OPTIONS request to test CORS preflight response.

Quick Guide

  • 📍 Enter the URL to test (e.g. API endpoint)
  • 🌐 Set Origin to your front-end origin (default: https://example.com)
  • 🔄 Check "Run preflight" to send OPTIONS and see CORS preflight headers

Actions

Run a check to enable actions.

What this CORS Checker does

Test Access-Control response headers for any URL. See whether your origin is allowed, which credentials and methods the server sends, and common misconfigurations (e.g. wildcard with credentials).

  • Access-Control-Allow-Origin (ACAO)
  • Access-Control-Allow-Credentials, Methods, Headers
  • Vary: Origin and preflight (OPTIONS) response

Tip: Enter the URL to test (e.g. API endpoint), set Origin to your front-end origin, and optionally run preflight (OPTIONS).

Related Tools

HTTP Headers Checker

Inspect all response headers

SSL Checker

Verify SSL/TLS certificates

Security Headers Checker

Scan CSP, HSTS and more

Redirect Checker

Check redirect chains
Explore more Security tools →