CORS Policy Generator
Generate server-specific CORS configurations from a single form. Supports Nginx, Apache, Express, ASP.NET, and Cloudflare Workers.
Allowed methods
Allowed headers
Generated configuration
# Note: Browsers only honor one ACAO header. Consider using a map directive:
# map $http_origin $cors_origin {
# default "";
# "~https://example.com" "https://example.com";
# "~https://www.example.com" "https://www.example.com";
# }
# add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Origin "https://example.com" always;
add_header Access-Control-Allow-Origin "https://www.example.com" always;
add_header Access-Control-Allow-Methods "GET, POST" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
add_header Access-Control-Max-Age "86400" always;