CORS Header Checker

This tool will check the headers for a CORS request and attempt to determine whether they are set correctly.

It is recommended that you use either Chrome or Firefox to copy the headers, even if you’re only having problems in other browsers.

You can suggest improvements or report bugs via GitHub.


Request headers:

Find the request in the Network section of your browser’s developer tools. Right-click on the request and copy the Request headers. Paste them into the box below.


OPTIONS /api-path HTTP/1.1
Host: localhost:3000
Access-Control-Request-Method: POST
Origin: http://localhost:8080


Response headers:

Right-click again on the same request but this time copy the Response headers. Paste them into the box below.


HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8080


withCredentials / credentials = "include":

If you’re setting the withCredentials flag on the request then check the box below. If you aren’t sure, leave it unchecked.

Once you’ve completed all three steps you can view the analysis in the next section.

Request Analysis

Response Analysis