Tool · OWASP A05 — CORS misconfiguration

CORS Tester

Sends a battery of Origin probes (reflection, null, suffix/prefix bypass, subdomain, scheme downgrade, and a preflight) and classifies the server's policy. The dangerous one is arbitrary Origin reflected with credentials — that's readable cross-origin auth.