CORS Policy Tester

Test Cross-Origin Resource Sharing configuration — fire preflight and simple requests and inspect headers

CORS policies are enforced by browsers. This tool fires real preflight and direct requests from your browser, plus uses a proxy cascade to inspect server headers when direct CORS requests are blocked.

Target URL

Origin (simulated)

Request Method

Custom Request Header (optional)

Need to audit and harden your API security posture?

If you like this tool, Speak with OneFirewall