CORS Simulator

Browser request + server policy → allowed/blocked + preflight required

Browser request

Method

Origin

Content-Type

Custom headers

Authorization

Server policy

Access-Control-Allow-Origin

Allow-Methods

GETPOST

Allow-Headers

AuthorizationContent-Type

Allow-Credentials

✓ Allowed · Preflight (OPTIONS) required

Reasons

• Preflight required (GET method or non-simple headers)

Preflight (OPTIONS) response headers

Access-Control-Allow-Origin	`https://example.com`
Access-Control-Allow-Methods	`GET, POST`
Access-Control-Allow-Headers	`Authorization, Content-Type`

Verify outputs before using in production. No warranty — see Terms.