Home / APIs / CORS Proxy & Web Toolbox

CORS Proxy & Web Toolbox API

Fetch any URL with permissive CORS headers, plus link metadata, favicons, and header inspection.

A CORS proxy lets your browser-side JavaScript fetch resources from domains that don't send Access-Control-Allow-Origin headers — the cause of the dreaded “blocked by CORS policy” error. This API fetches any URL server-side and returns it with permissive CORS headers, so your front-end can read the response.

It also bundles three web utilities developers reach for constantly: link-preview metadata extraction (Open Graph & Twitter cards), favicon discovery, and HTTP header / redirect-chain inspection — all behind one simple, SSRF-hardened endpoint set.

Endpoints

Method	Path	Description
GET	`/proxy?url=`	Fetch any URL (GET) and return it with CORS headers
POST	`/proxy`	Proxy any method/body to a URL with CORS headers
GET	`/metadata?url=`	Extract Open Graph / Twitter / link-preview metadata
GET	`/favicon?url=`	Discover a site's favicons with a best pick
GET	`/headers?url=`	Inspect response headers, status, timing, redirects

Quick start

cURL (via RapidAPI)

curl --url 'https://cors-proxy-web-toolbox.p.rapidapi.com/metadata?url=https://github.com' \
  --header 'X-RapidAPI-Key: YOUR_KEY' \
  --header 'X-RapidAPI-Host: cors-proxy-web-toolbox.p.rapidapi.com'

JavaScript (fetch)

const res = await fetch('https://cors-proxy-web-toolbox.p.rapidapi.com/metadata?url=https://github.com', {
  headers: {
    'X-RapidAPI-Key': 'YOUR_KEY',
    'X-RapidAPI-Host': 'cors-proxy-web-toolbox.p.rapidapi.com'
  }
});
const data = await res.json();

Example response

{
  "url": "https://github.com",
  "title": "GitHub: Let’s build from here",
  "description": "GitHub is where over 100 million developers shape the future of software.",
  "image": "https://github.githubassets.com/images/modules/site/social-cards/campaign-social.png",
  "siteName": "GitHub"
}

Pricing

Subscribe on RapidAPI. Start free; upgrade as you scale.

Basic

Free

1,000 requests / mo

Pro

$5 / mo

100,000 requests / mo

Ultra

$20 / mo

1,000,000 requests / mo

Mega

$50 / mo

2,000,000 requests / mo

Try it free, right now

No signup — test it in your browser with our free CORS Proxy Tester tool.

Open the CORS Proxy Tester →

Frequently asked questions

What is a CORS proxy and when do I need one?

A CORS proxy is a server that fetches a URL on your behalf and re-serves it with an Access-Control-Allow-Origin header. You need one when your browser JavaScript must read a response from an API or website that doesn't allow cross-origin requests.

Is the proxy safe against SSRF?

Yes. The proxy blocks internal hostnames and every private/reserved IP range (loopback, link-local, cloud metadata, RFC1918), pins connections to validated public IPs to defeat DNS rebinding, follows redirects with per-hop re-validation, and caps response size and time.

Can I proxy POST requests and custom headers?

Yes — POST /proxy forwards your method, headers, and body to the target URL and returns the response with CORS headers added.

Ready to build with CORS Proxy & Web Toolbox?

Grab your key on RapidAPI and start on the free tier.

Get it on RapidAPI ↗