CORS Checker
Free online CORS policy checker tool
About CORS Checker
Tests whether a target URL allows cross-origin requests from this site by issuing three real browser fetches with mode: cors: a GET, an OPTIONS preflight (requesting POST with Content-Type), and a POST with Content-Type: application/json and an empty JSON body. For each request it reports success/blocked, the HTTP status, and any Access-Control-* response headers that the browser exposed.
How to Use
1. Enter a URL (with or without https://; non-http input is prefixed with https://). 2. Click Lookup or press Enter. 3. Three result cards appear: GET, OPTIONS (Preflight), and POST (JSON), each with a check or cross icon, the HTTP status, and any Access-Control-* headers returned.
Reading the Results and Limitations
A green check with CORS Enabled (HTTP xxx) means the fetch succeeded and the browser could read the response; the Access-Control-Allow-Origin, Allow-Methods, Allow-Headers, Max-Age, and Allow-Credentials headers are listed when present. A red cross means the browser blocked the request (no CORS headers, missing allow-origin, network error, or credentials mismatch). Note: a request can return a non-2xx HTTP status yet still be CORS-enabled, and some servers that do not send CORS headers will show as blocked even if they are reachable.
▶Why does a reachable server show as blocked?
▶What is the OPTIONS preflight request?
▶What does the POST check send?
▶Can it test custom methods or headers?
If this tool has been helpful to you, consider buying me a coffee.
Buy me a coffee