Sending a regular CORS request using cUrl:
curl -H "Origin: http://example.com" --verbose
https://www.googleapis.com/discovery/v1/apis?fields= The -H "Origin: http://example.com" flag is the third party domain making the request. Substitute in whatever your domain is.
The --verbose flag prints out the entire response so you can see the request and response headers.
The url I'm using above is a sample request to a Google API that supports CORS, but you can substitute in whatever url you are testing.
The response should include the Access-Control-Allow-Origin header.
Sending a preflight request using cUrl:
curl -H "Origin: http://exa