What is AllOrigins?
AllOrigins (allorigins.win) is a free CORS proxy service that allows developers to fetch content from any URL with proper CORS headers. It’s part of a lineage of similar services including AnyOrigin, WhateverOrigin, and various other implementations.
The service works by accepting a target URL, fetching the content server-side, and returning it with Access-Control-Allow-Origin headers that permit browser access from any origin.
How AllOrigins Works
AllOrigins provides two response formats:
// Raw content (returns the actual page content)
const rawUrl = `https://api.allorigins.win/raw?url=${encodeURIComponent(targetUrl)}`;
// JSON wrapper (returns content in JSON structure)
const jsonUrl = `https://api.allorigins.win/get?url=${encodeURIComponent(targetUrl)}`;
const response = await fetch(jsonUrl);
const data = await response.json();
// data.contents contains the actual contentAllOrigins vs CorsProxy.io
While AllOrigins provides a free service, CorsProxy.io offers significant advantages for serious development:
Reliability: AllOrigins has no published uptime SLA and experiences periodic downtime. CorsProxy.io guarantees 99.99% uptime with 24/7 monitoring.
Performance: AllOrigins runs on limited infrastructure without global distribution. CorsProxy.io uses 300+ edge locations with intelligent caching for sub-50ms response times.
Production Ready: AllOrigins is designed for development use. CorsProxy.io is built for production workloads with proper rate limiting, monitoring, and support.
Feature Comparison
| Feature | AllOrigins | CorsProxy.io |
|---|---|---|
| Free Tier | Unlimited* | 10,000 req/mo |
| Uptime SLA | None | 99.99% |
| Response Time | Variable | <50ms |
| Global CDN | No | Yes |
| Custom Headers | No | Yes |
| POST/PUT Support | Limited | Full |
| Production Support | No | Yes |
*AllOrigins has undocumented rate limits
When to Use Each
Choose AllOrigins if:
- You’re in early development/prototyping
- You have very low traffic requirements
- You don’t need reliability guarantees
- Budget is the only consideration
Choose CorsProxy.io if:
- You’re building production applications
- You need consistent performance
- You want proper support and SLAs
- You need advanced features (custom headers, caching)
Migration Example
Moving from AllOrigins to CorsProxy.io is simple:
// Before (AllOrigins)
const url = `https://api.allorigins.win/get?url=${encodeURIComponent(target)}`;
const { contents } = await fetch(url).then(r => r.json());
// After (CorsProxy.io) - direct content, no JSON wrapper
const url = `https://corsproxy.io/?url=${encodeURIComponent(target)}`;
const contents = await fetch(url).then(r => r.text());