Use this little website to test if a URL is setup correctly to work with CORS.
Shareable link: https://cors-test.codehappy.dev/?method=get&origin=https%3A%2F%2Fchatgpt.com&url=https%3A%2F%2Fcdn.oaistatic.com
These are the response headers received when making the request.
access-control-allow-origin: *
access-control-expose-headers: content-length
cache-control: public, max-age=2592000
cf-cache-status: EXPIRED
cf-ray: a11aa87cb641e88e-CMH
connection: keep-alive
content-length: 223
content-type: application/xml
date: Fri, 26 Jun 2026 07:56:55 GMT
expires: Sun, 26 Jul 2026 07:56:55 GMT
server: cloudflare
set-cookie: __cf_bm=7J.tBY89ilMK1p7LsDjmZ8kyYhnMLmdChWRCEhHLzl0-1782460615-1.0.1.1-pEPRf1OKmQ1Qln2ujdYI9MUo6E3L7qqmABjnovrjRxWbsnkFT2PV6IKP2jTbjrzE2AGzPyqsNW49Ph2xPIw8PNCUYkjjCwtGoQ38ATBQXWQ; path=/; expires=Fri, 26-Jun-26 08:26:55 GMT; domain=.oaistatic.com; HttpOnly; Secure, _cfuvid=JC2Rzm3QrGHOJhPVqw8gWg6WBtMSe32ehiDj9ThIzqA-1782460615277-0.0.1.1-604800000; path=/; domain=.oaistatic.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: https://chatgpt.com
x-content-type-options: nosniff
x-ms-request-id: 080e4ac6-401e-002a-7541-059eaf000000
x-ms-request-priority: 3
CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.