Access Control-Allow-Origin - Unblock Unblock CORS error while developing or experimenting
Support Development
PayPal ● 
Bitcoin Address: 1sM2BrTH8BRgt3quiASK8TmYSafutNvDo
Dogecoin Address: DFdSGpGMZ2EZVkjyqNrYCEysK92DFPonx4
The "Access Control-Allow-Origin - Unblock" extension simply unblocks CORS limitation when it is enabled. Basically, the extension inserts two new headers to every web requests: "access-control-allow-origin" is set to "*" which allows access to the web request from all origins and "access-control-allow-methods" header is set to allow 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH' methods which allow XMLHttpRequest for these methods. You can ask the extension to not overwrite these headers if they do already exist. Also, you can limit the allowed methods from right-click context menu over the toolbar button. Note that this extension is disabled by default to prevent unintended unblocking. To enable it, click the toolbar button once. When the extension is enabled, the toolbar button is colorful.


  1. What is the "Access-Control-Allow-Origin - Unblock" add-on and how can I use it?

    This extension is a simple tool for developers to unblock CORS error when the server does not explicitly allow it. By default, if there is no "access-control-allow-origin" header in the response request, the browser does not allow XMLHttpRequest method for the fetch method from accessing the resource. When this extension is enabled, each web request will be appended with "access-control-allow-origin: *" header. This way you can perform the XMLHttpRequest method without getting any error. If this header is not provided you will get:

    Access to XMLHttpRequest at *** from origin *** has been blocked by CORS policy: Method *** is not allowed by Access-Control-Allow-Methods in preflight response.

    while doing a XMLHttpRequest or fetch request. Note that this extension is disabled by default. You will need to enable it if you need to bypass this CORS error while developing. It is not recommended to keep the addon enabled all the times for two reasons: 1. When the extension is enabled, all web requests are being monitored and each one is appended with these two headers. 2. it is not safe to allow unwanted JS script from having access to all resources when they are not explicitly allowed. Note that when the extension is disabled, there is no observer for your network, hence the extension does not use any resource at all

  2. recommended "Open in Tor Browser" extension for Chrome, Edge, and Firefox browsers

    Use this extension to open unknown links and websites. By using the Tor browser, they cannot track you or use your browser fingerprint to identify you. Click the action button to send the current page, or use the context menu item to send links without first storing them to the clipboard! Read more here.

  3. What's new in this version?

    Please check the Logs section.

  4. What happens if a web request already has either "access-control-allow-origin" or "access-control-allow-methods" headers?

    It depends on your settings. By default, the extension overwrites both of these headers. If you want to keep the original values, use the right-click context menu to disable overwriting when the headers exist. You can disable overwriting for each of these headers separately

  5. How can I know if the extension is enabled?

    When the extension is enabled, the toolbar button is colorful and if your mouse is placed over the toolbar button, you will get the status in the tooltip area.

  6. I like to keep this extension enabled all the time, but it conflicts with some websites like "". Any way to limit it to certain hostnames?

    The extension does not offer this feature. However, if you are on a Chromium browser, right-click on the action button and select "This can Read and Change Site Date" and limit the extension access to the hostnames that you need.

Matched Content



Please keep reviews clean, avoid the use of improper language and do not post any personal information.

What's new in this version

Change Logs:
    Last 10 commits on GitHub
    Hover over a node to see more details

    Need help?

    If you have questions about the extension, or ideas on how to improve it, please post them on the  support site. Don't forget to search through the bug reports first as most likely your question/bug report has already been reported or there is a workaround posted for it.

    Open IssuesIssuesForks

    Permissions are explained

    storageto save user preferences like enable or disable status after browser restart
    <all_urls>to be able to monitor and alter all web requests when the extension is enabled
    webRequestto be able to add network observer
    webRequestBlockingto be able to append custom headers to each web request when enabled
    contextMenusto add options to the right-click context menu item over the toolbar button

    Recent Blog Posts on