CORS Tester

Use this little website to test if a URL is setup correctly to work with CORS.

If your CORS setup is not using a wildcard then this should be a domain that matches your AllowedOrigins

Shareable link:


This URL will only work for specific domains.

What's that mean?

This url can only be loaded by pages that match If you're trying to load it from a different origin and it's not working, you'll need to change it so the access-control-allow-origin header is set to *.


These are the response headers received when making the request.

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 879ad6da45280804-IAD
connection: keep-alive
content-security-policy: default-src 'none'
content-type: text/html; charset=utf-8
date: Thu, 25 Apr 2024 02:17:53 GMT
rndr-id: aa102e79-6ddd-4ca0
server: cloudflare
transfer-encoding: chunked
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-powered-by: Express
x-render-origin-server: Render

CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.