English README — Turkish docs available below (Frontend & Backend)
Cors-Bridge is a modern, secure, SSRF-protected, full-stack CORS proxy platform designed by Syrins to completely eliminate browser-side CORS issues for developers.
It is not just a single tool — it is a complete ecosystem consisting of:
Use instantly:
https://api.cors.syrins.tech/?url=<TARGET_URL>
Zero-config TypeScript/JavaScript client.
Perform CORS-safe HTTP requests directly from terminal.
Hardened CORS proxy with SSRF protections, caching, circuit breakers, metrics, health checks.
React/Vite UI with examples, request tester, live latency, health dashboard.
- DNS + IP verification
- Private subnet blocking
- Blacklisted IP ranges
- Safe URL validator
- Prevents localhost & internal network access
- Automatic header passthrough
- Request & response normalization
- Timeout & rate-limit
- In-flight request deduplication
- Per-host circuit breaker
- Raw/JSON output modes
- Memory cache (default)
- Optional Redis 7+
- Cache-key hashing
- Override TTL support
/metricsPrometheus endpoint/live,/ready,/health- Latency tracking
- Error counters
- React playground
- Ready code snippets
- NPM + CLI + API all in sync
- TypeScript-first design
Use immediately:
https://api.cors.syrins.tech/?url=<TARGET_URL>
- Zero installation
- Unlimited usage
- Fast global routing
- Works in fetch(), Axios, etc.
- CORS-safe
- SSRF-protected
- Perfect for frontend apps
const response = await fetch(
"https://api.cors.syrins.tech/?url=https://example.com"
);
console.log(await response.json());install:
npm install corsbridgeimport { corsFetch } from "corsbridge";
const data = await corsFetch("https://api.github.com/users/github");
console.log(data);- 7.3 KB gzipped
- TypeScript-native
- Works in Browser + Node
- Automatic error normalization
- Built-in security
Install globally:
npm install -g corsbridgecorsbridge https://example.comcorsbridge https://example.com/login \
--method POST \
--header "Content-Type: application/json" \
--data '{"user":"admin","pass":"1234"}'corsbridge https://api.github.com/users/github --json
corsbridge https://example.com --rawcorsbridge https://example.com/data --out data.json| Flag | Description |
|---|---|
--method |
HTTP method |
--header |
Add custom header |
--data |
JSON/String body |
--json |
Pretty JSON |
--raw |
Raw response |
--agent |
User-Agent |
--timeout |
Timeout ms |
--out |
Save output |
--no-ssl |
Skip SSL validation |
Backend English docs → https://github.com/Syrins/Cors-Bridge/blob/main/Backend/docs/English.md
Backend Turkish docs → https://github.com/Syrins/Cors-Bridge/blob/main/Backend/docs/Turkish.md
- React 18 + Vite
- Tailwind + shadcn/ui
- Dark/light mode
- EN/TR bilingual
- Live request tester
- Health monitor
- Status charts
Frontend English docs → https://github.com/Syrins/Cors-Bridge/blob/main/Frontend/docs/English.md
Frontend Turkish docs → https://github.com/Syrins/Cors-Bridge/blob/main/Frontend/docs/Turkish.md
(Updated with all weaknesses + your unlimited public API)
| Feature | Cors-Bridge | CORS Anywhere | AllOrigins | WhateverOrigin | ScraperAPI | RapidAPI CORS |
|---|---|---|---|---|---|---|
| Public Hosted API | ✔ Unlimited free | ✔ Unstable | ✔ Free | ✔ Free | ✖ Paid | ✖ Paid |
| SSRF Protection | ✔ Strong | ✖ Weak | ✖ None | ✖ None | ✔ Strong | ✔ Strong |
| Private IP Blocking | ✔ Yes | ✖ No | ✖ No | ✖ No | ✔ Yes | ✔ Yes |
| URL Sanitization | ✔ Advanced | ✖ Basic | ✖ Basic | ✖ Basic | ✔ Strong | ✔ Strong |
| Caching | ✔ Redis/Memory | ✖ None | ✖ Weak | ✖ Weak | ✔ Yes | ✔ Yes |
| In-Flight Dedup | ✔ Yes | ✖ No | ✖ No | ✖ No | ✖ No | ✖ No |
| Circuit Breaker | ✔ Yes | ✖ No | ✖ No | ✖ No | ✔ Yes | ✔ Yes |
| Playground | ✔ Yes | ✖ No | ✖ No | ✖ No | ✖ No | ✔ Partial |
| Rate Limit | ✔ Built-in | ✖ No | ✖ No | ✖ No | ✔ Strong | ✔ Strong |
| JSONP | ✖ No | ✔ Yes | ✔ Yes | ✔ Yes | ✖ No | ✖ No |
| Free Tier | ✔ Unlimited | ✔ Yes | ✔ Yes | ✔ Yes | ✖ No | ✖ No |
| Requires Server | ✖ Public API available | ✖ No | ✖ No | ✖ No | ✔ Yes | ✔ Yes |
- Free unlimited public API
- Enterprise-level SSRF protection
- Caching, deduplication, metrics
- CLI + NPM + Playground
- Fully modern TS codebase
- Developer-first design
Cors-Bridge is designed to be highly available, fault-tolerant and safe by default. Below is an honest, transparent and professional overview of service guarantees and limitations.
Cors-Bridge commits to maintaining a high-availability, multi-region CORS infrastructure with:
- Continuous uptime target aligned with industry-standard reliability (no fixed percentage such as 99.9% or 99.99% is formally guaranteed)
- Automated monitoring and self-recovery
- Multi-node architecture to minimize downtime
- Zero-downtime deployment strategy
- Automatic restarts on failures
⚠ While Cors-Bridge aims for extremely high uptime, it does not provide a legally binding SLA at this time.
Cors-Bridge is not single-region. It operates across multiple independent regions and runtimes:
Physical/virtual servers located in separate datacenters.
Global edge fallback for ultra-low latency.
Third-party failover for automatic routing.
If one backend becomes unreachable, requests are transparently routed to the next healthy region.
Result: Full multi-region failover, extremely low risk of total outage.
Cors-Bridge backend supports:
- Horizontal scaling
- Cluster mode (multi-process Node.js)
- Load balancer compatibility
- Multi-instance deployments
- Cache sync via Redis (optional)
This ensures stable performance even under heavy load.
Cors-Bridge is optimized for heavy workloads, but traffic patterns matter. The engine divides load into safe, isolated segments:
If a specific external API becomes slow/unusable, only that host is isolated — other traffic flows normally.
Duplicate simultaneous requests merge into a single upstream call, reducing CPU load.
Slow remote servers cannot block the event-loop → Requests auto-expire safely.
Hot endpoints are served in microseconds, drastically reducing upstream load.
Small traffic spikes are absorbed without causing rate-limit storms or CPU spikes.
Although Cors-Bridge offers an unlimited free public API, its sustainability is ensured because:
- Infrastructure is provided through a hosting partner in which the author is a co-owner
- Costs are predictable and optimized
- Multi-region backend + worker infrastructure ensures stability
- Abuse prevention mechanisms help control load
Therefore, unlike many “free CORS proxies”, sustainability and funding are not a risk here.
Cors-Bridge previously could have had single-region dependency — but the current architecture eliminates this entirely.
- Multiple backend regions
- Cloudflare Worker Edge fallback
- Additional global proxy provider
- Health-based multi-origin routing
Translation: No single point of failure.
Cors-Bridge implements strong protections, but (like all proxies) has some inherent limitations:
- Does not provide JSONP (by design, security risk)
- Cannot bypass target API’s own rate-limits or anti-bot systems
- Cannot control slow or down remote servers
- High-security WAF/IDS features (advanced threat models) belong to the enterprise tier, not default tier
We welcome:
- Feature requests
- Bug reports
- Pull requests
- Suggestions
Home •
Frontend •
Backend •
Public API
© Cors-Bridge — Secure, Modern, Developer-First CORS Platform by Syrins