CORS Header Checker

Headers are parsed locally. Nothing is sent to the server.

Origin to allow

Enter the origin you want to whitelist to get recommended response headers.

Existing CORS headers (paste raw)

About

Paste your current Access-Control-* response headers to see what you have and any warnings. Enter an origin in "Origin to allow" to get the exact headers to add or use for that origin (e.g. Access-Control-Allow-Origin and Vary: Origin).

CORS Header Checker

CORS headers found

Warnings

Recommended headers for whitelisting

About