CORS Tester

Test and debug Cross-Origin Resource Sharing (CORS) for any API. Simulate preflight requests, analyze response headers, and detect security misconfigurations. Runs entirely in your browser — no request data is stored or sent to our servers.

Runs in your browser. No API data stored. No request history saved.

Request builder

Actual request uses this page's origin

Request is sent from this page's origin. Results show CORS headers and security analysis.

Request flow

Browser → Preflight OPTIONS → GET request → Response

Non-simple request: browser will send OPTIONS first, then GET if allowed.

Preflight (OPTIONS) cURL

curl -X OPTIONS "https://api.example.com/users" \
  -H "Origin: https://example.com" \
  -H "Access-Control-Request-Method: GET" \
  -H "Access-Control-Request-Headers: Content-Type" \
  -v

Actual request cURL

curl -X GET "https://api.example.com/users" \
  -H "Origin: https://example.com" \
  -H "Content-Type: application/json" \
  -v
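
Why the GET above counts as non-simple, and how the OPTIONS response decides whether the browser sends it, as an added example (not this tool's own code). The function names are hypothetical and the logic is a simplified reading of the Fetch standard's preflight rules.

```javascript
// Added example; function names and sample values are constructed for illustration.
// Simplified from the Fetch standard: header value length/byte checks and Range are omitted.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Names of request headers that force a preflight (lower-cased, sorted).
function unsafeHeaderNames(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true;
    // Content-Type is only safelisted for the three form/text MIME types.
    return n === "content-type" && !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase());
  }).map(([name]) => name.toLowerCase()).sort();
}

function needsPreflight(method, headers) {
  return !SAFE_METHODS.has(method.toUpperCase()) || unsafeHeaderNames(headers).length > 0;
}

const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// Returns the reasons a browser would block the actual request; [] means it proceeds.
// `res` is the OPTIONS response headers with lower-cased names.
function checkPreflight(req, res) {
  const problems = [];
  const cred = req.credentials === true; // wildcards are ignored for credentialed requests
  const acao = res["access-control-allow-origin"];
  if (acao !== req.origin && !(acao === "*" && !cred)) problems.push("origin not allowed");
  if (cred && res["access-control-allow-credentials"] !== "true") problems.push("credentials not allowed");
  const methods = list(res["access-control-allow-methods"]);
  const m = req.method.toUpperCase();
  if (!SAFE_METHODS.has(m) && !methods.includes(m) && !(methods.includes("*") && !cred))
    problems.push("method not allowed: " + m);
  const allowed = list(res["access-control-allow-headers"]).map((h) => h.toLowerCase());
  for (const h of unsafeHeaderNames(req.headers)) {
    // "*" never covers Authorization; it must be listed by name.
    const wildcard = allowed.includes("*") && !cred && h !== "authorization";
    if (!allowed.includes(h) && !wildcard) problems.push("header not allowed: " + h);
  }
  return problems;
}

// The request from the cURL commands above: GET is a safe method,
// but Content-Type: application/json is not a safelisted value.
const pageRequest = { origin: "https://example.com", method: "GET",
  headers: { "Content-Type": "application/json" }, credentials: false };
console.log(needsPreflight(pageRequest.method, pageRequest.headers), unsafeHeaderNames(pageRequest.headers));
```

A response that pairs `Access-Control-Allow-Origin: *` with a credentialed request shows up here as blocked, which is the browser behaviour that tempts servers into reflecting the `Origin` header instead.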

Requests run from your browser. No data is stored or sent to our servers.