DevTab

CORS Simulator

Never leaves your browser

Simulate and verify preflight requests against CORS policy headers.

CORS Configurations

1. Simulated Request

Origin
Method
Custom Headers

2. Target Server Headers

Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Allow-Credentials

Simulation Audit Results

Success: CORS preflight passes! Browser will load resources.
Access-Control-Allow-OriginPASSED

Access-Control-Allow-Origin matches request origin exactly ('https://my-frontend.app').

Access-Control-Allow-MethodsPASSED

Request method 'POST' is explicitly allowed.

Access-Control-Allow-HeadersPASSED

All custom headers are allowed by Access-Control-Allow-Headers config.

CORS Request AllowedOrigin: https://my-frontend.app