Access Control-Allow-Origin - Unblock Unblock CORS error while developing or experimenting
Support Development
PayPal ● 
Bitcoin Address: 1sM2BrTH8BRgt3quiASK8TmYSafutNvDo
Dogecoin Address: DFdSGpGMZ2EZVkjyqNrYCEysK92DFPonx4
Your Input Matters
The "Access Control-Allow-Origin - Unblock" extension simply unblocks CORS limitation when it is enabled. Basically, the extension inserts two new headers to every web requests: "access-control-allow-origin" is set to "*" which allows access to the web request from all origins and "access-control-allow-methods" header is set to allow 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH' methods which allow XMLHttpRequest for these methods. You can ask the extension to not overwrite these headers if they do already exist. Also, you can limit the allowed methods from right-click context menu over the toolbar button. Note that this extension is disabled by default to prevent unintended unblocking. To enable it, click the toolbar button once. When the extension is enabled, the toolbar button is colorful.



  1. What is the "Access-Control-Allow-Origin - Unblock" add-on and how can I use it?

    This extension is a simple tool for developers to unblock CORS error when the server does not explicitly allow it. By default, if there is no "access-control-allow-origin" header in the response request, the browser does not allow XMLHttpRequest method for the fetch method from accessing the resource. When this extension is enabled, each web request will be appended with "access-control-allow-origin: *" header. This way you can perform the XMLHttpRequest method without getting any error. If this header is not provided you will get:

    Access to XMLHttpRequest at *** from origin *** has been blocked by CORS policy: Method *** is not allowed by Access-Control-Allow-Methods in preflight response.

    while doing a XMLHttpRequest or fetch request. Note that this extension is disabled by default. You will need to enable it if you need to bypass this CORS error while developing. It is not recommended to keep the addon enabled all the times for two reasons: 1. When the extension is enabled, all web requests are being monitored and each one is appended with these two headers. 2. it is not safe to allow unwanted JS script from having access to all resources when they are not explicitly allowed. Note that when the extension is disabled, there is no observer for your network, hence the extension does not use any resource at all

  2. recommended "Weather Forecast" extension for Chrome, Edge, Firefox, and Opera browsers

    Get local and long-range weather forecasts (including feels-like temperature) for multiple locations right in your browser toolbar. Read more here.

  3. What's new in this version?

    Please check the Logs section.

  4. What happens if a web request already has either "access-control-allow-origin" or "access-control-allow-methods" headers?

    It depends on your settings. By default, the extension overwrites both of these headers. If you want to keep the original values, use the right-click context menu to disable overwriting when the headers exist. You can disable overwriting for each of these headers separately

  5. How can I know if the extension is enabled?

    When the extension is enabled, the toolbar button is colorful and if your mouse is placed over the toolbar button, you will get the status in the tooltip area.

  6. I like to keep this extension enabled all the time, but it conflicts with some websites like "". Any way to limit it to certain hostnames?

    The extension does not offer this feature. However, if you are on a Chromium browser, right-click on the action button and select "This can Read and Change Site Date" and limit the extension access to the hostnames that you need.

  7. If you need to unblock CPS (content-security-policy) and have control on all the related headers use:

Matched Content



Please keep reviews clean, avoid improper language, and do not post any personal information. Also, please consider sharing your valuable input on the official store.

What's new in this version

Change Logs:
    Last 10 commits on GitHub
    Hover over a node to see more details

    Need help?

    If you have questions about the extension, or ideas on how to improve it, please post them on the  support site. Don't forget to search through the bug reports first as most likely your question/bug report has already been reported or there is a workaround posted for it.

    Open IssuesIssuesForks

    Permissions are explained

    storageto save user preferences like enable or disable status after browser restart
    <all_urls>to be able to monitor and alter all web requests when the extension is enabled
    webRequestto be able to add network observer
    webRequestBlockingto be able to append custom headers to each web request when enabled
    contextMenusto add options to the right-click context menu item over the toolbar button

    Recent Blog Posts on