Add a wildcard CORS response header

Create a response header transform rule to add an Access-Control-Allow-Origin CORS HTTP header to the response with a static wildcard value.

The following response header transform rule adds a header named Access-Control-Allow-Origin with a static wildcard value (*) to the HTTP response:

Text in Expression Editor:

(http.host eq "<YOUR_HOSTNAME>")

Selected operation under Modify response header: Set static

Header name: Access-Control-Allow-Origin

Value: *

You can also use an expression similar to the following to apply the CORS header to several specific hostnames:

(http.host in {"<YOUR_HOSTNAME_1>" "<YOUR_HOSTNAME_2>"})

Was this helpful?

Resources
API
New to Cloudflare?
Directory
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

Privacy Policy
Terms of Use
Report Security Issues
Trademark