Managed relay + open-source runtime

Ship browser integrations
without the proxy work.

A managed relay for the third-party APIs your frontend has to call — API keys, rate limits, logs, and a dashboard out of the box. Self-host the same runtime when policy or scale requires it.

Fix CORS without shipping a throwaway backend. Free tier — no credit card.

Managed

Use the hosted API

Sign in, create an API key, and start sending requests through the hosted proxy with usage tracking and daily limits.

curl -H "X-API-Key: sk_live_..." \
  "https://api.corsproxy.dev/proxy?url=https://api.github.com/users/octocat"

# Browser-friendly form
https://api.corsproxy.dev/proxy?url=https://api.github.com/users/octocat&key=sk_live_...
Create a free account →
Self-hosted

Run the Go binary

Single ~10MB binary. Zero dependencies. Deploys to Railway, Render, Fly, or your own box.

git clone https://github.com/melihbirim/corsproxy
cd corsproxy
go run main.go     # listens on :8080
Read the README →

What you get

Ship faster

Build browser integrations without standing up a custom relay service. Point your frontend at corsproxy.dev, add an API key, and you're done.

Safer than ad hoc proxies

Per-key rate limits, request logs, and abuse controls instead of a public proxy or a one-off serverless function with no governance.

Hosted or self-hosted

Start managed. Move to the open-source runtime when policy or scale requires it — same proxy core, same wire protocol.

Production controls

Atomic per-key daily quotas via Cloudflare Durable Objects, blocked private-network targets, and 30-day request history for debugging.

Real usage visibility

Per-key request counts, error rates, and rate-limit headroom in the dashboard. Export your data anytime.

GDPR ready

Data export, account deletion with full erasure, and EU-friendly retention defaults. Designed for production from day one.

Two ways to use it

Open source

MIT licensed
  • Self-host the Go binary anywhere
  • No quotas, no API keys, no accounts
  • Run alongside your other infra
  • One-click deploy: Railway, Render, Fly, Koyeb
  • Source on GitHub
View on GitHub

From the blog

All posts →
Tutorial

Why am I getting a CORS error?

What the browser is actually doing, why your server "refuses" to respond, and three concrete ways to fix it.

Security

How a CORS proxy can be abused

SSRF, credential laundering, bandwidth burn. The honest threat model and the mitigations corsproxy.dev applies.

How-to

5 ways to fix CORS in development

Vite proxy, webpack dev-server, server-side headers, the disabled-security browser, and a CORS proxy.

Developer tools

All docs →

Start free, contact us to scale

The Free tier (100 requests/day) covers evaluation and small-scale use. Higher-volume tiers are arranged via an upgrade form in your dashboard — no self-serve checkout yet, no surprise invoices.