🌍 CORS Tester
Send a CORS preflight (OPTIONS) and real request from a chosen Origin to verify Access-Control-Allow-Origin / Methods / Headers / Credentials / Max-Age.
✅ 100% free, no signup
📚 CORS Basics
• Browsers block fetch / XHR to different origins. That is the same-origin policy.
• CORS lets the server declare "allowed origins" via Access-Control-Allow-Origin.
• Preflight is an OPTIONS request the browser sends before non-simple requests (custom headers, PUT/DELETE, etc.).
• Access-Control-Allow-Credentials: true cannot be combined with Access-Control-Allow-Origin: * — must use a specific origin.