CORS Policy Checker - Audit Access-Control-* headers avatar
CORS Policy Checker - Audit Access-Control-* headers

Pricing

Pay per usage

Try for free
Go to Apify Store
CORS Policy Checker - Audit Access-Control-* headers

CORS Policy Checker - Audit Access-Control-* headers

Try for free

Check CORS response headers (Access-Control-Allow-Origin, -Credentials, -Methods, -Headers, -Expose-Headers, -Max-Age, Vary: Origin) for one or more URLs. Optionally performs a preflight OPTIONS check. Useful for debugging browser/API integrations and spotting risky CORS misconfigurations.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Bikram Adhikari

Bikram Adhikari

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

11 hours ago

Last modified

Categories

Developer tools

Share

CORS Policy Checker (Access-Control-* Audit)

Audit CORS (Cross-Origin Resource Sharing) response headers for one or more URLs.

This actor sends a request with an Origin header and evaluates:

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Allow-Methods (preflight)
  • Access-Control-Allow-Headers (preflight)
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Vary: Origin

Optionally, it also performs a preflight OPTIONS request to validate that the server correctly allows the requested method/headers.

Input

  • Start URLs: URLs to check
  • Origin: Origin header value used for the main request
  • Test second origin: If enabled, makes a second request with a different Origin to detect overly permissive/reflected policies
  • Perform preflight: If enabled, performs an OPTIONS preflight request
  • Proxy configuration: Optional Apify proxy

Output

Dataset (per URL)

Each dataset item contains:

  • final URL + status
  • CORS score (0-100)
  • warnings/errors with codes
  • parsed CORS-related headers
  • optional preflight info

Key-value store

  • SUMMARY: aggregate counts + average score
  • REPORT: SUMMARY plus top issue codes

Notes / disclaimers

  • CORS behavior depends on request method and headers; this actor checks a simple request plus optional preflight.
  • A missing Access-Control-Allow-Origin is not necessarily a “security issue” — it often simply means the resource is not intended for browser cross-origin access.

Quick start

Store page: https://apify.com/scrappy_garden/cors-policy-checker

Paste this into Input and click Run:

{
  "startUrls": [
    {
      "url": "https://example.com/"
    }
  ],
  "proxyConfiguration": {
    "useApifyProxy": false
  }
}

Outputs (what you get)

  • Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, redirected, corsScore, warningCount, errorCount, issues, checkedAt.
  • Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

  • Start with 1–3 URLs to validate behavior, then scale up.
  • If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
  • Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

Search keywords

cors policy checker, cors policy checker - audit access-control-* headers, website audit, seo

Bug Bounty Recon Scanner avatar

Bug Bounty Recon Scanner

iamuendo/Bug-Bounty-Recon-Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

User avatar

Isaac Muendo

11

AI Technical SEO MCP Server avatar

AI Technical SEO MCP Server

alizarin_refrigerator-owner/ai-technical-seo-mcp-server

AI-ready technical SEO auditing with 7 specialized tools. Check robots.txt, llms.txt, generate sitemaps, run Lighthouse & GTmetrix audits, test rich results, and perform comprehensive technical SEO audits - all through a unified MCP interface.

User avatar

John Rippy

1

Website Security & Vulnerability Audit avatar

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

SD

My Smart Digital

11

5.0

(1)

Indeed Jobs Details Scraper avatar

Indeed Jobs Details Scraper

stealth_mode/indeed-jobs-details-scraper

Scrape detailed job listings from Indeed.com, the world's largest job site with 350M+ monthly visitors. Extract complete job data including descriptions, requirements, benefits, employer details, and application statistics. Essential for recruitment analytics, market research.

User avatar

Stealth mode

5

Rightmove Property Details Scraper avatar

Rightmove Property Details Scraper

stealth_mode/rightmove-property-details-scraper

Scrape comprehensive property listings from Rightmove, the UK's largest property portal. Extract prices, addresses, floor plans, EPC ratings, location data, and 80+ data fields. Essential for property research, investment analysis, and market intelligence across the UK real estate sector.

User avatar

Stealth mode

2

Carfax Vehicle Details Scraper avatar

Carfax Vehicle Details Scraper

ecomscrape/carfax-vehicle-details-scraper

Advanced Carfax.com vehicle scraper for comprehensive automotive data extraction. Extract VIN details, pricing, history, dealer information, and complete vehicle specifications from Carfax listings with automated precision and reliability.

EC

ecomscrape

34

1.0

(2)

Otomoto Product Details Scraper avatar

Otomoto Product Details Scraper

ecomscrape/otomoto-product-details-scraper

Professional Otomoto.pl scraper for extracting comprehensive vehicle listings from Poland's leading automotive marketplace. Get detailed car information, pricing, seller data, and technical specifications for market research and business intelligence.

EC

ecomscrape

9

Reddit User Profile avatar

Reddit User Profile

cheapget/reddit-user-profile

Get detailed profiles of Reddit users. The Reddit User Analyzer extracts comment history, activity patterns, and interests for comprehensive user behavior analysis.

User avatar

CheapGET

48

5.0

(1)

Linkedin Sales Navigator Scraper avatar

Linkedin Sales Navigator Scraper

bestscrapers/linkedin-sales-navigator-scraper

A powerful tool designed to extract detailed lead information from a Sales Navigator URL — without the need for cookies or login.

User avatar

Linkedin Scrapers

566

3.8

(14)

GetYourGuide avatar

GetYourGuide

vanderleicatanzaro/getyourguide

Scrape GetYourGuide tours & activities worldwide! 🌍 Support for 22 languages, 40 currencies, automatic affiliate link generation. Extract prices, ratings, reviews, photos & descriptions. Perfect for travel sites, agencies & affiliate marketers. Fast & reliable!

User avatar

Vanderlei Catanzaro

24