How to Enable CORS


in a WordPress site i have download system. when im click on download file. its give error. not start download. cors get blocked.

please help me to solve this issue. how to enable cors function in hestiacp. check screen short of error

im edit file apache2.conf

and add this

<IfModule mod_headers.c>

Header set Access-Control-Allow-Origin "*"


but this is not work still unable to download file.

please urgent help thank you

note: im using cloudflare ssl


And add

add_header 'Access-Control-Allow-Origin' "*" ;

And do the same for


after create this im, check screen short

restart server now give this error

Error: ERROR: Restart of nginx failed.

nginx not getting start…

note: im using apache2 for this site its not a issue ?

thank you so much for the help …

What does:

nginx -t says…

this code not working

add_header Access-Control-Allow-Origin ;

but when im add this … then restart server its restart fine.

add_header Access-Control-Allow-Origin “*”;

but still have same issue file not start download. please help

Just in case, try to hide the header on nginx side (nginx.conf and nginx.ssl.conf) inside location / block where is the proxy_pass directive:

proxy_hide_header 'Access-Control-Allow-Origin';

Reload nginx and try again… also, remove cache or history for that site in your browser.


have add in this file but

where i find the file nginx.ssl.conf …

If you don’t have one in the same dir, then you have not enabled ssl for that site so no need to edit nginx.ssl.conf

yes im using cloudflare ssl. thats why

please check screen short did i add code on right place ? there is 2 place where is proxy_pass

thanks for help im sorry im not good in coding

I don’t use Cloudflare so I won’t be able to help here but maybe Cloudflare is caching the headers and you would need to purge it on Cloudflare side.

Also, you could try to connect to your site directly (without Cloudflare) maybe you would need to add the ip and domain in your hosts file to be able to access and check whether it works or not. Also, if you use Firefox or Chrome you can use their dev tools to inspect the site and check the headers your browser is receiving and you will see whether the allow origin is the right one or it isn’t.