A firefox addon enabling CORS everywhere by altering http responses.
Switch branches/tags
Nothing to show
Clone or download


CORS Everywhere

This is a firefox addon that allows the user to enable CORS everywhere by altering http responses.


This addon is now a WebExtension.


The addon's functionality can be toggled with the included button and is disabled by default. The button can be found by right-clicking a toolbar and choosing customize. It is labelled CorsE and has 3 states:

  • red, addon is disabled, CORS rules are upheld.
  • green, addon is enabled, CORS rules are bypassed.
  • green/red, addon is enabled and using the activation whitelist, CORS rules are bypassed when the origin url matches a filter in the whitelist.

A basic CORS test is available in the repository at ./_test/cors-everywhere-test.html.

Intended for developers. Use at your own risk.


Available in about:addons.

  • Enabled at startup Enables this addon on startup.
  • Force value of "access-control-allow-origin" Self explanatory.
  • Activation whitelist When the addon is enabled, this will check the origin url against the whitelist to decide if headers will be modified. Uses regular expressions.


  • The addon is enabled but the requests return content as if no user was logged in the target domain.

    Try using withCredentials.