CORS Bypass — Per-Site CORS Unblock

Bypass CORS errors per-site with one click. Zero CPU overhead, smart domain protection. Built for developers.

CORS Bypass is a lightweight Chrome extension that bypasses CORS (Cross-Origin Resource Sharing) errors on a per-site basis. Unlike global CORS extensions that affect every website and break your daily browsing, CORS Bypass activates only on the domains you choose — with zero CPU overhead when disabled. If you're a developer getting "Access-Control-Allow-Origin" errors while testing your frontend against a local or remote API, CORS Bypass fixes it in one click without slowing down your browser or breaking your daily browsing. ✨ Key Features: • Per-Site Control — Enable CORS bypass only on domains you need. Your other tabs stay untouched • Smart Domain Protection — Built-in blocklist prevents accidental CORS override on 20+ major services you use daily • Zero CPU Overhead — Uses Chrome's declarativeNetRequest API. No background listeners, no memory leaks, no battery drain. 0% CPU when disabled • One-Click Toggle — Click the icon to enable/disable CORS for the current site. Green dot = active • Debug Panel — See exactly how many requests were modified in real time. No guessing if it's working • Full CORS Header Support — Injects all 5 CORS response headers: Access-Control-Allow-Origin, Methods, Headers, Credentials, and Expose-Headers • Preflight Optimization — Handles OPTIONS preflight requests correctly and caches them for 24 hours with Access-Control-Max-Age • Customizable Headers — Choose exactly which CORS headers to inject from the settings page • Custom Blocklist — Add your own domains to the protection list • Import/Export Settings — Back up and restore your entire configuration as JSON • Dark Mode — Automatic dark/light theme based on your system settings 🎯 Who Is This For: Perfect for frontend developers who need to test React, Vue, Angular, or vanilla JS apps against APIs running on different origins. Ideal for full-stack developers working with localhost:3000 → localhost:8080 setups, QA engineers testing cross-origin integrations, students learning web development, and anyone who encounters "blocked by CORS policy" errors during development. Common use cases: — Testing a frontend app against a staging or production API — Developing Chrome extensions that make cross-origin fetch requests — Working with third-party APIs that don't set CORS headers — Debugging webhook integrations locally — Prototyping with public APIs during hackathons 🔒 Privacy & Security: • No data collection — zero telemetry, zero analytics, zero tracking • No account required — install and use immediately • Works 100% offline — no external servers, no proxies, all processing stays in your browser • No content scripts — never injects code into web pages • Inactive by default — CORS bypass only activates when you explicitly enable it per domain • Minimal permissions — only requests what's needed: declarativeNetRequest, storage, activeTab ⚡ Why CORS Bypass vs Other CORS Extensions: • No CPU/memory leaks — The #1 CORS extension (800K users, 3.4★ rating) causes 100% CPU usage even when disabled. CORS Bypass uses declarativeNetRequest with zero background processing • Won't break your daily sites — Smart domain blocklist prevents the most common complaint about CORS extensions: breaking major websites you use every day • Per-site, not global — Most CORS extensions are all-or-nothing. CORS Bypass lets you enable CORS only where you need it, keeping other sites safe • No spam tabs — CORS Bypass never opens marketing tabs or changelog pages when you start your browser • Actually handles preflight — Many CORS extensions fail on OPTIONS preflight requests. CORS Bypass handles them correctly with proper Max-Age caching • Visual feedback — Badge counter shows modified requests so you know it's working. No more guessing 🆕 What's New in v1.0: • Initial release with full per-site CORS bypass • Smart domain protection list covering 20+ major services • Customizable CORS header injection • Import/export settings • Dark mode support 🏗️ Technical Details: • Manifest V3 — fully compliant with Chrome's latest extension platform • declarativeNetRequest API — modern, efficient header modification without webRequest overhead • FNV-1a hashing — collision-safe rule ID generation supporting up to 1,000 simultaneous domains • Service Worker architecture — event-driven, no persistent background page • TypeScript codebase — type-safe, maintainable, well-structured CORS Bypass is built by developers, for developers. If you've tried other CORS extensions and experienced CPU spikes, broken websites, or unreliable behavior — give CORS Bypass a try.