CORS Tester

Use this little website to test if a URL is setup correctly to work with CORS.




If your CORS setup is not using a wildcard then this should be a domain that matches your AllowedOrigins


Shareable link:

Results

This URL will not work correctly with CORS.

What's wrong?

It does not have the access-control-allow-origin header set to *. Without this header, requests from other domains cannot be made to it via a users browser.

How to fix it?

If you have access to the server for the URL, you'll need to modify it to add the access-control-allow-origin header. If you do not have access, you'll need to upload the file somewhere else.

Headers

These are the response headers received when making the request.

cache-control: max-age=0, private, must-revalidate
cf-cache-status: BYPASS
cf-ray: 97c360a380f038e5-YYZ
connection: keep-alive
content-length: 9
date: Tue, 09 Sep 2025 02:50:20 GMT
server: cloudflare
set-cookie: sid=b9b5c048-8d27-11f0-b675-3f7bb4721357; path=/; domain=.roomscalestudios.com; expires=Sun, 27 Sep 2093 06:04:27 GMT; max-age=2147483647; secure; HttpOnly

CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.