CORS decides which other websites can read your API in a user’s browser.
Weak settings can expose private data, let attackers read cookie-backed responses, or leak content via caches.
Authorized testing only. Use this tool on systems you own or have explicit permission to assess.
Need help fixing misconfigurations, or want a full security checkup?