HTTP Server Cross-Origin Resource Sharing (CORS) Scanner
HTTP Server Cross-Origin Resource Sharing (CORS) Scanner
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
3 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
Tests an http server for Cross-Origin Resource Sharing (CORS), a way for domains to explicitly opt in to having certain methods invoked by another domain.
The script works by setting the Access-Control-Request-Method header field for certain enumerated methods in OPTIONS requests, and checking the responses.
