Request Details
Example Tests
Response
Headers
Body Snippet
Waiting for request...
CORS Error Detected
The browser blocked this request. This usually means the server is missing the Access-Control-Allow-Origin header.
Fix:
Access-Control-Allow-Origin: *
CORS Tester FAQ
CORS (Cross-Origin Resource Sharing) is a security mechanism that allows a web page from one domain to request resources from another domain.
Why is my request blocked?
Modern browsers block cross-origin requests by default unless the server explicitly allows them via the Access-Control-Allow-Origin header.
What is a Preflight Request?
For non-simple requests (like those with custom headers or JSON data), the browser sends an OPTIONS request first to ask for permission.
How do I fix CORS errors?
You must configure your backend server (Node.js, Python, Flask, etc.) to set the Access-Control-Allow-Origin header to * or your specific domain.