Header Overrides

CorsProxy supports per-request header overrides via query parameters. You can modify request headers before the origin fetch and response headers before the proxy returns the response.

Parameters

• reqHeaders — set/override request headers
• resHeaders — set/override response headers

To remove a header, pass an empty value:

resHeaders=x-frame-options:

Examples

1) Fix content type issues

https://corsproxy.io/?url=https://example.com/api.json&resHeaders=content-type:application/json
https://corsproxy.io/?url=https://api.example.com/xml-data&resHeaders=content-type:text/plain

2) Override caching behavior

https://corsproxy.io/?url=https://api.example.com/live-data&resHeaders=cache-control:no-cache&resHeaders=expires:0
https://corsproxy.io/?url=https://cdn.example.com/image.jpg&resHeaders=cache-control:public, max-age=31536000

3) Remove security headers that block embedding

https://corsproxy.io/?url=https://example.com/embed-content&resHeaders=x-frame-options:&resHeaders=content-security-policy:

4) Add custom response headers

https://corsproxy.io/?url=https://example.com/api&resHeaders=access-control-allow-origin:https://myapp.com
https://corsproxy.io/?url=https://example.com/api&resHeaders=x-custom-app:myapp&resHeaders=x-version:1.0

5) Override request headers

https://corsproxy.io/?url=https://example.com/api&reqHeaders=accept:application/json
https://corsproxy.io/?url=https://example.com/api&reqHeaders=authorization:Bearer%20TOKEN

Special Characters

URL-encode values with spaces or symbols:

https://corsproxy.io/?url=https://example.com/api&resHeaders=x-custom:value%20with%20spaces%20%26%20symbols
https://corsproxy.io/?url=https://example.com/api&resHeaders=link:%22%3Chttps://example.com%3E%3B%20rel%3Dnext%22

Helper Function (JavaScript)

function buildProxyUrl(targetUrl, { reqHeaders = {}, resHeaders = {} } = {}) {
  const encodedUrl = encodeURIComponent(targetUrl);
  let proxyUrl = `https://corsproxy.io/?url=${encodedUrl}`;

  const applyHeaders = (param, headers) => {
    Object.entries(headers).forEach(([header, value]) => {
      const headerParam = value === null || value === ''
        ? `${header}:` // remove header
        : `${header}:${value}`;
      proxyUrl += `&${param}=${encodeURIComponent(headerParam)}`;
    });
  };

  applyHeaders('reqHeaders', reqHeaders);
  applyHeaders('resHeaders', resHeaders);
  return proxyUrl;
}

// Usage
const url = buildProxyUrl('https://example.com/api', {
  resHeaders: { 'content-type': 'application/json' },
  reqHeaders: { 'accept': 'application/json' }
});

Notes

• Header names are case-insensitive.
• Use URL encoding for any value with spaces or special characters.