Findings · Security
CORS Not Wide Open
Access-Control-Allow-Origin: * lets ANY website make requests to your APIs
0%
of 1,042 scanned sites fail this check
Fail
0%
0 scans
Warning
13.4%
140 scans
Pass
86.6%
902 scans
Why it matters
This check belongs to Security — is it safe? It's rated high severity. Access-Control-Allow-Origin: * lets ANY website make requests to your APIs
The fix
Vettd's Fix Pack includes a copy-paste-ready solution for this check — auto-generated for your specific site, in the right format for your stack. See pricing, or scan first to see what your site needs.
Check your own site for this.
Vettd runs this check (and 81 others) on any URL. Free, no signup, ~30 seconds.
Scan your site →