CORS Header Checker
This tool will check the headers for a CORS request and attempt to determine whether they are set correctly.
It is recommended that you use either Chrome or Firefox to copy the headers, even if you’re only having problems in other browsers.
You can suggest improvements or report bugs via GitHub.
Find the request in the Network section of your browser’s developer tools. Right-click on the request and copy the Request headers. Paste them into the box below.
OPTIONS /api-path HTTP/1.1 Host: localhost:3000 Access-Control-Request-Method: POST Origin: http://localhost:8080
Right-click again on the same request but this time copy the Response headers. Paste them into the box below.
HTTP/1.1 200 OK Access-Control-Allow-Origin: http://localhost:8080
withCredentials / credentials = "include":
If you’re setting the
withCredentials flag on the request then check the box below. If you aren’t
sure, leave it unchecked.
Once you’ve completed all three steps you can view the analysis in the next section.