---
title: Define CORS headers
description: Adjust [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) headers and handle preflight requests.
image: https://developers.cloudflare.com/core-services-preview.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/rules/llms.txt  
> Use this file to discover all available pages before exploring further.

[Skip to content](#%5Ftop) 

### Tags

[ Headers ](https://developers.cloudflare.com/search/?tags=Headers)[ Request modification ](https://developers.cloudflare.com/search/?tags=Request%20modification)[ Response modification ](https://developers.cloudflare.com/search/?tags=Response%20modification) 

# Define CORS headers

Adjust [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) headers and handle preflight requests.

JavaScript

```

// Define CORS headers

const corsHeaders = {

  "Access-Control-Allow-Origin": "*", // Replace * with your allowed origin(s)

  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS", // Adjust allowed methods as needed

  "Access-Control-Allow-Headers": "Content-Type, Authorization", // Adjust allowed headers as needed

  "Access-Control-Max-Age": "86400", // Adjust max age (in seconds) as needed

};


export default {

  async fetch(request) {

    // Make a copy of the request to modify its headers

    const modifiedRequest = new Request(request);


    // Handle preflight requests (OPTIONS)

    if (request.method === "OPTIONS") {

      return new Response(null, {

        headers: {

          ...corsHeaders,

        },

        status: 200, // Respond with OK status for preflight requests

      });

    }


    // Pass the modified request through to the origin

    const response = await fetch(modifiedRequest);


    // Make a copy of the response to modify its headers

    const modifiedResponse = new Response(response.body, response);


    // Set CORS headers on the response

    Object.keys(corsHeaders).forEach((header) => {

      modifiedResponse.headers.set(header, corsHeaders[header]);

    });


    return modifiedResponse;

  },

};


```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/rules/","name":"Rules"}},{"@type":"ListItem","position":3,"item":{"@id":"/rules/snippets/","name":"Cloudflare Snippets"}},{"@type":"ListItem","position":4,"item":{"@id":"/rules/snippets/examples/","name":"Snippets examples"}},{"@type":"ListItem","position":5,"item":{"@id":"/rules/snippets/examples/define-cors-headers/","name":"Define CORS headers"}}]}
```