Moesif Origin & CORS Changer

How to install an extension Open in Chrome Web Store

CRX ID

digfbfaphojjndkpccljibejjbppifbc

Status

Live on Store

Description from extension meta

This plugin allows you to send cross-domain requests. You can also override Request Origin and CORS headers.

Image from store

Description from store

This plugin allows you to send cross-domain requests directly from browser without receiving Cross Origin Errors.
You can override the Request Origin header with this plugin and also have Access-Control-Allow-Origin set to *.

Update: We received comments from Chromium team that the support for request preflight interception for CORB thus CORS is still to be finalized. At this point this extension should work for some scenarios but not all, we believe it is still most functional of all CORS extensions out there. We'll keep you updated.

You can override:
Request Headers: Origin
Response Headers: Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Credentials, Access-Control-Expose-Headers

Guide on CORS:
https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/

DISCLAIMER: This tool circumvents CORS security rules baked into every browser and is intended for testing your own website during development. Some production websites like Google Docs or Facebook may complain if they detect something that isn't expected. You can use the whitelist feature to only turn on for some domains. To avoid security issues, it is recommend to turn off after debugging.

About Moesif:

Moesif (https://www.moesif.com) enables API teams at UPS, Radar, Deloitte, and others to deeply understand customer API usage and ship better API products with user-centric API analytics and monitoring, which enables you to:
- Understand customer API usage with user behavior analytics.
- Debug issues quickly with high-cardinality API logs and metrics.
- Get alerted of problems that impact customers.
- Track API KPIs with custom dashboards.
- Trigger behavioral emails that keep customers informed.
- Detect and Block API threats and abuse including OWASP Top 10 API threats.

Latest reviews

Amir Mehrjoo 2025-10-16: it worked
Rick Kerry 2025-10-13: doesn't work document.getElementsByClassName('myiframe')[0].contentWindow.document Uncaught SecurityError: Failed to read a named property 'document' from 'Window': Blocked a frame with origin "https://xxxxxxxx.com" from accessing a cross-origin frame.
The_Dark_Jumper 2025-03-21: Great. Only affects hosts that are explicitly whitelisted, very reasonable.
Mindy Wu 2025-01-12: it work
Wayne Mao 2024-06-03: The domain whitelist works well, but the plugin doesn't support web fonts. For web fonts, it needs Access-Control-Allow-Origin: * Store doesn't allow me to add a new review, so I edit the previous review to report a bug in recent release: The 'Allow-Control-Expose-Header' should return '*' by default, which is not returning empty Hope the dev team can take a look. The workaround is to manually set the value to '*'
Wayne Mao 2024-06-03: The domain whitelist works well, but the plugin doesn't support web fonts. For web fonts, it needs Access-Control-Allow-Origin: * Store doesn't allow me to add a new review, so I edit the previous review to report a bug in recent release: The 'Allow-Control-Expose-Header' should return '*' by default, which is not returning empty Hope the dev team can take a look. The workaround is to manually set the value to '*'
Nguyễn Huy Hùng 2023-04-26: It worked, so great! Thank you
Nguyễn Huy Hùng 2023-04-26: It worked, so great! Thank you
Satish Patro 2023-02-16: I don't see this in response header in dev tools, I did open advanced part & registered mail & saved it
Satish Patro 2023-02-16: I don't see this in response header in dev tools, I did open advanced part & registered mail & saved it
Ford D 2022-12-14: Does not work without email. Does not accept gmail as email to unlock features. Uninstalled.
Ford D 2022-12-14: Does not work without email. Does not accept gmail as email to unlock features. Uninstalled.
Dmitry 2022-12-13: Just not working out of box after switching it On
Dmitry 2022-12-13: Just not working out of box after switching it On
Alexander Druzhinin 2022-04-28: works for me
Alexander Druzhinin 2022-04-28: works for me
Артем С 2022-03-29: требует рабочий email
Snow zyk 2021-11-20: great fix my problem on chrome site
Snow zyk 2021-11-20: great fix my problem on chrome site
Garry Passarella 2021-11-15: Doesn't work, and demands an email address to access advanced options.
Garry Passarella 2021-11-15: Doesn't work, and demands an email address to access advanced options.
Alex 2021-11-10: Ohne Einstellungen nicht wirklich nützlich.
m k 2021-10-11: 非常方便，很好用，用这个插件不用搞其他各种配置，直接访问也不会跨域了
Faysal Shuvo 2021-08-28: works like a charm for me!
Faysal Shuvo 2021-08-28: works like a charm for me!
wearey 2021-07-24: Does not work with fetch
wearey 2021-07-24: Does not work with fetch
Andreas Basso 2021-07-06: Very very useful to fix quickly the CORS issue !! Now i have my own proxy to bypass this issue but this app help me a lot, thanks !
Andreas Basso 2021-07-06: Very very useful to fix quickly the CORS issue !! Now i have my own proxy to bypass this issue but this app help me a lot, thanks !
Kristina Mason 2021-06-25: I can't get this to work in Chrome, only Edge. I downloaded it in Chrome and it showed very briefly in my toolbar and then disappeared. I can see it in my list of Extensions and it's active, but I can't get to the actual app icon in the toolbar to turn it on or off. The icon showed up with a grey "off" on it, and then disappeared.
Kristina Mason 2021-06-25: I can't get this to work in Chrome, only Edge. I downloaded it in Chrome and it showed very briefly in my toolbar and then disappeared. I can see it in my list of Extensions and it's active, but I can't get to the actual app icon in the toolbar to turn it on or off. The icon showed up with a grey "off" on it, and then disappeared.
Aaron Wentzel 2021-06-09: It doesn't work on latest macOS + Microsoft Edge
Aaron Wentzel 2021-06-09: It doesn't work on latest macOS + Microsoft Edge
Greg Quinn 2021-05-01: Works as intended, a great help for me when developing locally on my game SuperTrucks Offroad 2!
Greg Quinn 2021-05-01: Works as intended, a great help for me when developing locally on my game SuperTrucks Offroad 2!
Will Pan 2021-04-25: macOS 11.2.1 Chrome/90.0.4430.85 didn't work for me
Will Pan 2021-04-25: macOS 11.2.1 Chrome/90.0.4430.85 didn't work for me
NK SleepyBani 2021-04-24: It works I LOVE YOU <3
NK SleepyBani 2021-04-24: It works I LOVE YOU <3
Nino Trnovský 2021-03-11: this changed my life for good. the creator has big pp energy kudos to him. i wish 72 virgins upon the creator.
Nino Trnovský 2021-03-11: this changed my life for good. the creator has big pp energy kudos to him. i wish 72 virgins upon the creator.
Ehsan Alimohammadi 2021-03-06: Unfortunately, it doesn't work for me. I used chrome v89 and relaunch, clear cache. I think in new version of Chrome this plugin doesn't work. When I run chrome with --disable-web-security argument, CORS disabled actually but with this plugin I can't. Do you have any solution to solve problem?
Ehsan Alimohammadi 2021-03-06: Unfortunately, it doesn't work for me. I used chrome v89 and relaunch, clear cache. I think in new version of Chrome this plugin doesn't work. When I run chrome with --disable-web-security argument, CORS disabled actually but with this plugin I can't. Do you have any solution to solve problem?
José Carneiro 2021-03-05: Doesn't allow configuration without submiting email.
José Carneiro 2021-03-05: Doesn't allow configuration without submiting email.
moein_dev 2021-02-21: add auto disable for youtube cause youtube blocks i from watching when yout extension is on
moein_dev 2021-02-21: add auto disable for youtube cause youtube blocks i from watching when yout extension is on
Filip 769 2021-02-07: works
Filip 769 2021-02-07: works
Dongdong Zhu 2021-02-01: 挺好的，可以解决跨域问题

Extension Actions