Stable signalNo paid features detectedHigh-risk permissions
CORS Unblock icon

CORS Unblock

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Users200KCurrent public install base
Rating4.1Store average score
Reviews175Public review volume
Manifest versionV3Extension platform version
7-day growth0Net users gained this week
7-day growth rate0%Relative weekly velocity
Preview

CORS Unblock Media preview

4 assets
Trend

User growth trend

Review user movement across collected snapshots.

User Growth Over Time

200K200K200K200K200K2026年7月13日2026年7月16日2026年7月19日Latest: 200K
Rating trend

7-day rating trend

View collected rating snapshots from the latest 7-day window to assess rating stability.

7-day rating change

Start
4.08
Latest
4.08
7-day rating change
0.00
3.984.034.084.134.182026年7月13日2026年7月16日2026年7月19日Latest: 4.08
2026年7月13日2026年7月19日
Growth overview

Daily, weekly, and monthly growth

Compare 1-day, 7-day, and 30-day net growth and growth rate.

1-day growthFlat
00%
7-day growthFlat
00%
30-day growthFlat
00%
Technical snapshot

Version, languages, and crawl freshness

Review publication date, version, supported languages, and crawl timestamps.

Version0.5.2
ManifestV3
Size198KiB
Languages1English
Published
Store updated
Last crawled
English
Overview

Product summary

Review the store description, core capabilities, and common use cases.

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty

Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK

Access-Control-Allow-Methods: request initiator or empty

Access-Control-Allow-Credentials: true

Reviews

Recent review snapshot

Inspect the latest comments and rating distribution.

Store average score4.1Chrome Web Store aggregate rating, including ratings without synced review text
Synced text average4.0Average computed only from synced review bodies below
Reviews with text131Synced review bodies
Total ratings / reviews175Chrome Web Store public rating/review count

Store average score: 4.1. The bars below are calculated from synced review text only, so they may be empty for extensions that have public ratings but no synced comments yet.

5
85
4
9
3
7
2
7
1
23
Rafik Mechria2024年9月10日
5

chome should keep this amazing extention is the best for this kind of dev experience

Version 0.3.8Language en
1 helpful · 0 not helpful
yingdong mao2024年7月23日
1

doesn't work for me.

Version 0.3.8Language en
3 helpful · 0 not helpful
Justice Almanzar2024年7月2日
2

This seems to always modify your requests, not only when it's "active". Headache of a bugfix that was actually machine confinguration

Version 0.3.8Language en
Ryan Gilmore2024年6月14日
3

Was working, then stopped.

Version 0.3.8Language en
1 helpful · 0 not helpful
doggo cabos2024年6月4日
5

With the update to Manifest v3, when sending a request with fetch from a homemade Chrome extension, a CORS error will occur 100% of the time, and there is nothing the client can do to avoid it. However, by using this extension, you can receive responses with fetch without them failing with a CORS error. This extension is like a godsend for Chrome extension developers.

Version 0.3.8Language en
Dmitry Leskov2024年5月27日
5

Работает отлично, иногда правда так привыкаешь что не замечаешь того, что работает это только локально хд

Version 0.3.8Language ru
2 helpful · 0 not helpful
Makaylah Bennett2024年5月23日
1

doesnt work

Version 0.3.8Language en
4 helpful · 0 not helpful
me notyou2024年4月8日
1

Not working when CORS header is ignored b/c coming through a unsecure request (http). "The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead."

Version 0.3.8Language en
1 helpful · 3 not helpful
Clara Bertaut2024年3月23日
5

Seems to work well, and does what I needed it to do (allows me to parse HTTP responses on localhost by appending 'Access-Control-Allow-Origin: *' to the header). It supports a number of other configurations, as well, which I don't currently need but are nice to have as options.

Version 0.3.8Language en
1 helpful · 0 not helpful
Özkan Doğu2024年3月21日
5

Sağol

Version 0.3.8Language az