CORS Header Generator
Build CORS configuration headers interactively for web servers and APIs. Set allowed origins, methods, request headers, credentials, and preflight cache duration — then copy the generated Access-Control headers or ready-to-paste code snippets for nginx, Express.js, Flask, and .NET.
How to Use CORS Header Generator
How to Use the CORS Header Generator
Step 1: Choose a Preset (optional)
Click one of the three preset buttons at the top of the configuration panel to instantly load a common CORS setup:
- Open API — allows all origins (
*) with GET/POST/OPTIONS and no credentials. Use for fully public APIs. - SPA + API — a single origin with full CRUD methods, Authorization header, and credentials enabled. The most common setup for a single-page app calling a backend API.
- Strict — one origin, GET only, minimal headers. Use for read-only, tightly controlled APIs.
Step 2: Configure Your CORS Policy
Allowed Origins
Enter a single origin URL (e.g., https://app.example.com), * to allow any origin, or a comma-separated list for multiple specific origins. Note: using * with credentials enabled is not permitted by browsers.
Allowed Methods Click the HTTP method buttons to toggle them on or off. Highlight the methods your API actually uses. Always include OPTIONS for preflight requests.
Allowed Headers
Toggle the common request headers your API expects to receive. Add any custom headers (e.g., X-Tenant-Id) in the text input below the toggles.
Exposed Headers (optional)
List response headers that the browser should expose to client-side JavaScript (e.g., X-Request-Id, X-Rate-Limit-Remaining).
Allow Credentials
Enable this if your API uses cookies, HTTP authentication, or TLS client certificates. Must be used with a specific origin — not *.
Max Age Sets how long (in seconds) browsers may cache preflight results. Use the quick presets (1h, 24h, 7d) or enter a custom value.
Step 3: Choose an Output Tab
Click the output tabs to switch between:
- HTTP Headers — the raw
Access-Control-*header lines to add to any HTTP response - nginx —
add_headerdirectives and preflight handler block - Express.js —
corsnpm package configuration object - Flask —
flask-corsCORS configuration - .NET —
AddCorsandUseCorsmiddleware setup for ASP.NET Core
Step 4: Copy and Apply
Click Copy to copy the output to your clipboard, then paste it into your server configuration or application code.
Frequently Asked Questions
Most Viewed Tools
Screen Size Converter
Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.
Use Tool →Reorder PDF Pages
Drag and drop to rearrange PDF pages in any order. Upload your PDF, preview all pages as thumbnails, drag pages to reorder them, and download the rearranged PDF. Fast, visual, and privacy-focused.
Use Tool →DPI Calculator
Calculate DPI (dots per inch), image dimensions, and print sizes. Convert between pixels and physical dimensions for printing and displays.
Use Tool →Paper Size Converter
Convert between international paper sizes (A4, Letter, Legal) with dimensions in mm, cm, and inches. Compare ISO A/B series and North American paper standards.
Use Tool →Fuel Consumption Converter
Convert between MPG (miles per gallon), L/100km (liters per 100 kilometers), and other fuel efficiency units. Compare car fuel economy across different measurement systems.
Use Tool →CSV Splitter
Split large CSV files into smaller files by number of rows. Process large datasets in manageable chunks instantly.
Use Tool →Product Schema Generator
Generate JSON-LD Product schema markup for SEO. Add product details like name, price, brand, rating, and availability to create structured data for rich search results.
Use Tool →Child Height Predictor
Predict child adult height based on parent heights using the Mid-Parental Height method. Calculate how tall your child will be with genetic predictions.
Use Tool →Related API & Backend Tools
JWT Encoder & Signer
Construct and sign JWT tokens locally in your browser. Edit header and payload JSON, choose HS256/HS384/HS512, enter a secret, and generate a signed token instantly. Nothing is uploaded.
Use Tool →API Tester
Test HTTP API endpoints directly in your browser. Make GET, POST, PUT, PATCH, and DELETE requests with custom headers and request bodies. View status codes, response headers, and pretty-printed JSON responses — all client-side, no server proxy.
Use Tool →OAuth Token Validator
Validate and inspect OAuth tokens in your browser. Decode JWT access tokens and ID tokens to view claims, scopes, and expiry. Analyse opaque tokens for entropy and format. Free and private.
Use Tool →GraphQL Query Formatter
Format and prettify GraphQL queries, mutations, subscriptions, and fragments with correct indentation.
Use Tool →JWT Token Validator
Decode and validate JWT tokens instantly in your browser. Inspect header and payload claims, check expiry, and verify HMAC signatures (HS256/HS384/HS512). Free and private.
Use Tool →OpenAPI Spec Validator
Validate OpenAPI 2.0 (Swagger) and OpenAPI 3.0/3.1 specification files for compliance, missing required fields, unresolved $ref paths, and schema errors. Paste JSON or YAML or upload a file — errors and warnings are listed by path with severity levels and actionable fix suggestions. All validation runs entirely in your browser.
Use Tool →Webhook Payload Generator
Generate realistic sample webhook payloads for Stripe, GitHub, Slack, and custom event schemas. Select a provider and event type to instantly produce a correctly structured JSON payload you can copy or download to seed webhook handlers, write tests, and build integrations.
Use Tool →Webhook Validator
Validate and inspect webhook payloads in your browser. Auto-detects GitHub, Stripe, Slack, and Shopify webhooks, extracts event details, and optionally verifies HMAC signatures. Free and private.
Use Tool →Share Your Feedback
Help us improve this tool by sharing your experience