← All tools
Free security tool
Find risky cross-origin resource sharing settings
Check for permissive CORS policies that can expose APIs or authenticated resources to unwanted origins.
Run this focused check
Test one URL now. The result links naturally into a full WebSentry report and monitoring workflow.
What it checks
Wildcard origins
Credentials with broad origins
Allowed methods
Allowed headers
Preflight behavior
Why it matters
CORS controls which websites can read responses from your application. Loose policies can turn private APIs into public data leaks.
Common fixes
Allow only trusted origins
Avoid credentials with wildcard origins
Restrict methods to what the API needs
Turn one check into ongoing protection.
Create an account to save scan history, export reports, and monitor sites for security grade drops.