CORS Misconfiguration Checker

Test for dangerous CORS configurations — free

We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.

What We Check

Wildcard Origin + Credentials

Detects ACAO:* with ACAC:true (critical CORS misconfiguration).

Arbitrary Origin Reflection

Tests if any origin is reflected back with credentials.

Null Origin

Checks if null origin is accepted (sandbox/file:// bypass).

Subdomain Reflection

Tests if arbitrary subdomains are accepted.

Suffix-Match Vulnerability

Detects domain.evil.com bypass via suffix validation.

HTTP on HTTPS

Tests mixed-scheme origin acceptance.

Get a Complete Security Audit

This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.

Start Full Free Scan →