Use this little website to test if a URL is setup correctly to work with CORS.
Shareable link: https://cors-test.codehappy.dev/?method=get&origin=https%3A%2F%2Fcors-test.codehappy.dev%2F&url=https%3A%2F%2Fstackoverflow.com
It does not have the access-control-allow-origin header set to *. Without this header, requests from other domains cannot be made to it via a users browser.
If you have access to the server for the URL, you'll need to modify it to add the access-control-allow-origin header. If you do not have access, you'll need to upload the file somewhere else.
These are the response headers received when making the request.
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 9e7f7a288bcafad4-CMH
content-type: text/html; charset=UTF-8
date: Mon, 06 Apr 2026 08:38:35 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
server: cloudflare
set-cookie: __cf_bm=mX_TQZUrgr6o7A0tNNvi7sanz9UYwR2QXu7yphsNVmA-1775464715.6915648-1.0.1.1-0PWD1yOZ9Mff972d2Si.VscRLMQChxim4DjE7wAY0msSLAM9xyXcjw0nfbbA.1GmQK4xyqS1DHYqVbcPskd8uYXuAuc5K8cnX04zxBJHwob92_t9sAfRBI8WZqSWrY7A; HttpOnly; Secure; Path=/; Domain=stackoverflow.com; Expires=Mon, 06 Apr 2026 09:08:35 GMT
transfer-encoding: chunked
vary: accept-encoding
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.