CORS Proxy

What is CORS and Why?

CORS (Cross-Origin Resource Sharing) is a browser security feature that restricts scripts on one origin from calling APIs on a different origin unless the destination explicitly allows it via response headers like Access-Control-Allow-Origin.

Without the right headers from the API, browsers block requests made by frontend apps running on a different domain, port, or protocol.

How does this help fix CORS?

This service sits between your frontend and the target API. Your browser talks to this proxy (same origin as your app or allowed by your app), and the proxy forwards the request to the actual API, then returns the response with the required CORS headers so the browser accepts it.

• Adds Access-Control-Allow-Origin and optional credentials headers.
• Handles preflight OPTIONS requests.
• Streams bodies and files without buffering.

How to use

There are two simple ways to target an upstream API:

1. Path-embedded full URL (recommended for simple use and for domains like cors.utilitytool.app/<url>):
   In browsers, percent-encode the full URL:

2. Header override (enable ALLOW_TARGET_HEADER=true):

3. Query override (enable ALLOW_TARGET_QUERY=true):

Header and query overrides are disabled by default for safety; enable via environment variables if needed.

Quick test with curl