Cors Bypass — Per Site Co

CORS Bypass is a lightweight Chrome extension that bypasses CORS (Cross-Origin Resource Sharing) errors on a per-site basis. Unlike global CORS extensions that affect every website and break your daily browsing, CORS Bypass activates only on the domains you choose — with zero CPU overhead when disabled.

If you're a developer getting "Access-Control-Allow-Origin" errors while testing your frontend against a local or remote API, CORS Bypass fixes it in one click without slowing down your browser or breaking your daily browsing.

✨ Key Features:

• Per-Site Control — Enable CORS bypass only on domains you need. Your other tabs stay untouched
• Smart Domain Protection — Built-in blocklist prevents accidental CORS override on 20+ major services you use daily
• Zero CPU Overhead — Uses Chrome's declarativeNetRequest API. No background listeners, no memory leaks, no battery drain. 0% CPU when disabled
• One-Click Toggle — Click the icon to enable/disable CORS for the current site. Green dot = active
• Debug Panel — See exactly how many requests were modified in real time. No guessing if it's working
• Full CORS Header Support — Injects all 5 CORS response headers: Access-Control-Allow-Origin, Methods, Headers, Credentials, and Expose-Headers
• Preflight Optimization — Handles OPTIONS preflight requests correctly and caches them for 24 hours with Access-Control-Max-Age
• Customizable Headers — Choose exactly which CORS headers to inject from the settings page
• Custom Blocklist — Add your own domains to the protection list
• Import/Export Settings — Back up and restore your entire configuration as JSON
• Dark Mode — Automatic dark/light theme based on your system settings

🎯 Who Is This For:

Perfect for frontend developers who need to test React, Vue, Angular, or vanilla JS apps against APIs running on different origins. Ideal for full-stack developers working with localhost:3000 → localhost:8080 setups, QA engineers testing cross-origin integrations, students learning web development, and anyone who encounters "blocked by CORS policy" errors during development.

Common use cases:
— Testing a frontend app against a staging or production API
— Developing Chrome extensions that make cross-origin fetch requests
— Working with third-party APIs that don't set CORS headers
— Debugging webhook integrations locally
— Prototyping with public APIs during hackathons

🔒 Privacy & Security:

• No data collection — zero telemetry, zero analytics, zero tracking
• No account required — install and use immediately
• Works 100% offline — no external servers, no proxies, all processing stays in your browser
• No content scripts — never injects code into web pages
• Inactive by default — CORS bypass only activates when you explicitly enable it per domain
• Minimal permissions — only requests what's needed: declarativeNetRequest, storage, activeTab

⚡ Why CORS Bypass vs Other CORS Extensions:

• No CPU/memory leaks — The #1 CORS extension (800K users, 3.4★ rating) causes 100% CPU usage even when disabled. CORS Bypass uses declarativeNetRequest with zero background processing
• Won't break your daily sites — Smart domain blocklist prevents the most common complaint about CORS extensions: breaking major websites you use every day
• Per-site, not global — Most CORS extensions are all-or-nothing. CORS Bypass lets you enable CORS only where you need it, keeping other sites safe
• No spam tabs — CORS Bypass never opens marketing tabs or changelog pages when you start your browser
• Actually handles preflight — Many CORS extensions fail on OPTIONS preflight requests. CORS Bypass handles them correctly with proper Max-Age caching
• Visual feedback — Badge counter shows modified requests so you know it's working. No more guessing

🆕 What's New in v1.0:

• Initial release with full per-site CORS bypass
• Smart domain protection list covering 20+ major services
• Customizable CORS header injection
• Import/export settings
• Dark mode support

🏗️ Technical Details:

• Manifest V3 — fully compliant with Chrome's latest extension platform
• declarativeNetRequest API — modern, efficient header modification without webRequest overhead
• FNV-1a hashing — collision-safe rule ID generation supporting up to 1,000 simultaneous domains
• Service Worker architecture — event-driven, no persistent background page
• TypeScript codebase — type-safe, maintainable, well-structured

CORS Bypass is built by developers, for developers. If you've tried other CORS extensions and experienced CPU spikes, broken websites, or unreliable behavior — give CORS Bypass a try.