---
title: Define CORS headers
description: Adjust [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) headers and handle preflight requests.
image: https://developers.cloudflare.com/core-services-preview.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/rules/llms.txt  
> Use this file to discover all available pages before exploring further. 

[Skip to content](#%5Ftop) 

# Define CORS headers

Adjust [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) headers and handle preflight requests.

JavaScript

```
// Define CORS headersconst corsHeaders = {  "Access-Control-Allow-Origin": "*", // Replace * with your allowed origin(s)  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS", // Adjust allowed methods as needed  "Access-Control-Allow-Headers": "Content-Type, Authorization", // Adjust allowed headers as needed  "Access-Control-Max-Age": "86400", // Adjust max age (in seconds) as needed};
export default {  async fetch(request) {    // Make a copy of the request to modify its headers    const modifiedRequest = new Request(request);
    // Handle preflight requests (OPTIONS)    if (request.method === "OPTIONS") {      return new Response(null, {        headers: {          ...corsHeaders,        },        status: 200, // Respond with OK status for preflight requests      });    }
    // Pass the modified request through to the origin    const response = await fetch(modifiedRequest);
    // Make a copy of the response to modify its headers    const modifiedResponse = new Response(response.body, response);
    // Set CORS headers on the response    Object.keys(corsHeaders).forEach((header) => {      modifiedResponse.headers.set(header, corsHeaders[header]);    });
    return modifiedResponse;  },};
```

```json
{"@context":"https://schema.org","@type":"TechArticle","@id":"https://developers.cloudflare.com/rules/snippets/examples/define-cors-headers/#page","headline":"Define CORS headers · Cloudflare Rules docs","description":"Adjust Cross-Origin Resource Sharing (CORS) headers and handle preflight requests.","url":"https://developers.cloudflare.com/rules/snippets/examples/define-cors-headers/","inLanguage":"en","image":"https://developers.cloudflare.com/core-services-preview.png","dateModified":"2025-10-13","publisher":{"@type":"Organization","name":"Cloudflare","url":"https://www.cloudflare.com/"},"isPartOf":{"@type":"WebSite","@id":"https://developers.cloudflare.com/#website","name":"Cloudflare Docs","url":"https://developers.cloudflare.com/"},"keywords":["Headers","Request modification","Response modification"]}
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/rules/","name":"Rules"}},{"@type":"ListItem","position":3,"item":{"@id":"/rules/snippets/","name":"Cloudflare Snippets"}},{"@type":"ListItem","position":4,"item":{"@id":"/rules/snippets/examples/","name":"Snippets examples"}},{"@type":"ListItem","position":5,"item":{"@id":"/rules/snippets/examples/define-cors-headers/","name":"Define CORS headers"}}]}
```