Free security tool
Find risky cross-origin resource sharing settings
Check for permissive CORS policies that can expose APIs or authenticated resources to unwanted origins.
What it checks
Wildcard origins
Credentials with broad origins
Allowed methods
Allowed headers
Preflight behavior
Why it matters
CORS controls which websites can read responses from your application. Loose policies can turn private APIs into public data leaks.
Common fixes
Allow only trusted origins
Avoid credentials with wildcard origins
Restrict methods to what the API needs
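The three fixes above, combined into one server-side policy function. This is an added example, not WebSentry's code; the origins, method list, header list and the corsDecision name are constructed for illustration.

```javascript
// Constructed allowlists: replace with the origins, methods and headers your API needs.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["authorization", "content-type"];

// method: HTTP method of the incoming request.
// reqHeaders: request headers keyed by lower-case name.
// Returns { allowed, headers } where headers are the CORS response headers to send.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  // Vary: Origin keeps a shared cache from serving one origin's answer to another.
  const headers = { "Vary": "Origin" };

  // Exact string match only: no "*", no suffix or regex matching, no blind
  // reflection of the Origin header. The literal origin "null" is never listed.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { allowed: false, headers };
  }

  const requestedMethod = reqHeaders["access-control-request-method"];
  const isPreflight = method === "OPTIONS" && requestedMethod !== undefined;
  if (isPreflight) {
    const requestedHeaders = (reqHeaders["access-control-request-headers"] || "")
      .split(",")
      .map((h) => h.trim().toLowerCase())
      .filter(Boolean);
    // Refuse the preflight if it asks for anything outside the allowlists.
    if (!ALLOWED_METHODS.includes(requestedMethod) ||
        !requestedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) {
      return { allowed: false, headers };
    }
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  }

  // Credentials are only ever paired with a specific, allowlisted origin.
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return { allowed: true, headers };
}
```

When allowed is false the response carries no Access-Control-Allow-Origin header, so the browser blocks the calling page from reading it.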