If you are integrating the Countly Web SDK and requests are blocked due to CORS, follow the steps below to identify and resolve the issue. Principles shared here can also be extended to other SDKs depending on the platform.
1. Verify Requests Are Reaching the Countly Server
Before adjusting CORS settings, confirm that requests actually reach the Countly API and are not blocked earlier in the network path, such as by a WAF, reverse proxy, CDN, or browser extension.
Recommended checks:
- Browser DevTools
- Open Network tab
- Look for requests to the Countly API endpoint (for example /i or /o)
- Check:
- Request status code
- Whether the request appears at all
- Server Logs
- Check Countly NGINX or API logs to confirm whether the request arrives at the server
- If no request is logged, the block is happening before Countly
- WAF / Proxy / CDN
- Verify that:
- Preflight (OPTIONS) requests are allowed
- No rules are blocking cross-origin JavaScript requests
- Common culprits include Cloudflare, AWS WAF, corporate proxies, or strict firewall rules
- Verify that:
- Direct Test
- Temporarily test from a simple HTML page hosted on the same domain
- Or use curl / fetch with a custom Origin header to see if the server responds
If the request never reaches Countly, CORS configuration inside Countly will not help until the upstream block is resolved.
2. Check Application Access Control Origin Settings
If requests do reach Countly:
- Go to
Management → Applications → [Application] → App Settings → Access Control Origin - Verify that the exact origin is listed, including:
- Protocol (http vs https)
- Subdomain (www.example.com vs example.com)
- Save changes and retry the request
After this, the API response should include:
Access-Control-Allow-Origin: https://your-domain.comIf a required domain is missing, the request will fail even if the Web SDK is configured correctly.
3. Additional Things to Check
- Correct App Key
- Make sure the Web SDK is using the app key that matches the application where the origin is configured
- Browser Cache
- CORS preflight responses may be cached
- Try:
- Hard refresh
- Incognito window
- Clearing browser cache
- Multiple Environments
- Ensure all environments are covered:
- Production
- Staging
- Preview / QA domains
- Ensure all environments are covered:
- Mixed Content
- https websites sending data to an http Countly server may fail in modern browsers
- Ensure protocol compatibility