CORS Misconfiguration Checker
Test for dangerous CORS configurations — free
We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.
What We Check
Wildcard Origin + Credentials
Detects ACAO:* with ACAC:true (critical CORS misconfiguration).
Arbitrary Origin Reflection
Tests if any origin is reflected back with credentials.
Null Origin
Checks if null origin is accepted (sandbox/file:// bypass).
Subdomain Reflection
Tests if arbitrary subdomains are accepted.
Suffix-Match Vulnerability
Detects domain.evil.com bypass via suffix validation.
HTTP on HTTPS
Tests mixed-scheme origin acceptance.
Get a Complete Security Audit
This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.
Start Full Free Scan →