CORS & Custom Headers Test

Test Overview

This page demonstrates the correct behavior of the CORS fix:

Same-Origin Requests (this domain): Receive custom headers (X-Forwarded-For, X-Test-Header, etc.)
All Requests: Receive persistent headers (User-Agent, Accept-Language)
Result: No CORS errors, all resources load successfully

Note: This is a self-contained test using only resources from test-website.data-extractor.com. In production, cross-origin CDN resources would only receive persistent headers, preventing CORS issues.

1. Same-Origin Resources Status

All resources on this page are same-origin (from test-website.data-extractor.com). They should all receive custom headers.

✓ INFO: This test page uses locally-served resources to keep tests self-contained.
Key Concept: Same-origin resources (same domain) receive custom headers, while cross-origin CDN resources would only get persistent headers.

2. Main Document Headers

Headers sent with the main HTML page request (same-origin):

Loading...

Note: These headers are captured server-side when the page was loaded.

Expected Headers:

User-Agent - Should be present (persistent)
Accept-Language - Should be present (persistent)
X-Forwarded-For - Should be present (custom, same-origin)
X-Test-Header - Should be present (custom, same-origin)
X-Real-IP - Should be present (custom, same-origin)

3. Same-Origin API Request Headers

Headers sent with XHR/Fetch API call to /api/headers (same-origin):

This test runs automatically on page load. You can manually re-run it using the button below.

Note: This API endpoint is on the same domain, so it should receive custom headers.

4. Console Errors Check

Checking browser console for CORS-related errors:

No console errors detected so far.

5. Summary

Test Results:

Initializing tests...

Testing Instructions

To test same-origin custom header behavior:

Take a screenshot of this page with custom headers:

{
  "url": "http://test-website.data-extractor.com/cors-test",
  "format": "png",
  "full_size": true,
  "request_headers": [
    "X-Forwarded-For: 192.168.1.100",
    "X-Test-Header: CORS-Test-Value",
    "X-Real-IP: 192.168.1.100"
  ]
}

Check the screenshot to verify:
- Main document headers show custom headers (yellow highlighted)
- API headers show custom headers (yellow highlighted)
- User-Agent and Accept-Language present in all requests (green highlighted)
- No CORS errors in console

What This Test Demonstrates

This test page is entirely same-origin (all resources from test-website.data-extractor.com), which demonstrates that:

✅ Same-origin requests (HTML, API calls, CSS, JS) all receive custom headers
✅ Persistent headers (User-Agent, Accept-Language) are included in all requests
✅ No CORS issues occur because all resources are from the same domain

In production: Cross-origin CDN resources (jQuery from code.jquery.com, Bootstrap from cdn.jsdelivr.net, etc.) would only receive persistent headers, preventing CORS preflight failures while still maintaining custom headers for your own API endpoints.

Web Scraper Test Website

Same-Origin Custom Headers Test Page