Use this little website to test if a URL is setup correctly to work with CORS.
Shareable link: https://cors-test.codehappy.dev/?url=https%3A%2F%2Fpbs.twimg.com%2Fprofile_images%2F1419580485358002177%2FT426TzJw_400x400.jpg
This url can only be loaded by pages that match https://cors-test.codehappy.dev/. If you're trying to load it from a different origin and it's not working, you'll need to change it so the access-control-allow-origin header is set to *.
These are the response headers received when making the request.
accept-ranges: bytes
access-control-allow-origin: https://cors-test.codehappy.dev/
access-control-expose-headers: X-Acted-As-User-Id,X-Rate-Limit-Limit,X-Rate-Limit-Remaining,X-Rate-Limit-Reset,X-TD-Mtime
cache-control: public, max-age=604800
cf-cache-status: MISS
cf-ray: 9c2833bdc08ffad4-CMH
connection: keep-alive
content-length: 10775
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
date: Fri, 23 Jan 2026 15:07:41 GMT
expires: Fri, 30 Jan 2026 15:07:41 GMT
last-modified: Mon, 26 Jul 2021 08:46:56 GMT
origin-cf-ray: 9c2833bdc08ffad4-ORD
perf: 7402827104
server: cloudflare
strict-transport-security: max-age=631138519; includeSubdomains
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
vary: origin
x-cache: MISS
x-content-type-options: nosniff
x-envoy-upstream-service-time: 15
x-served-by: t4_a
x-transaction-id: 7e2902cd060537aa
x-tw-cdn: CF
CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.