diff --git a/app/Http/Middleware/CorsMiddleware.php b/app/Http/Middleware/CorsMiddleware.php
new file mode 100644
index 0000000..b27d2b7
--- /dev/null
+++ b/app/Http/Middleware/CorsMiddleware.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Laravel\Lumen\Http\ResponseFactory;
+
+class CorsMiddleware
+{
+    public function __construct(private readonly ResponseFactory $responseFactory)
+    {
+    }
+
+    public function handle(Request $request, \Closure $next): Response
+    {
+        if ($request->isMethod('OPTIONS')) {
+            $headers = [
+                'Access-Control-Allow-Origin'      => '*',
+                'Access-Control-Allow-Methods'     => 'GET, OPTIONS',
+                'Access-Control-Max-Age'           => '86400',
+                'Accept-Control-Allow-Headers' => 'Accept,Accept-Encoding,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range',
+                'Content-Type' => 'text/plain',
+                'Content-Length' => '0'
+            ];
+            $response = $this->responseFactory->make("", 204, $headers);
+            $response->setProtocolVersion("1.1");
+        }
+        else {
+            $response = $next($request);
+        }
+
+        return $response;
+    }
+}
diff --git a/bootstrap/app.php b/bootstrap/app.php
index b5218ad..b08ba5b 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -82,6 +82,10 @@ if (env('INSIGHTS', false)) {
     $globalMiddleware[] = \App\Http\Middleware\Insights::class;
 }
 
+if (env('CORS_MIDDLEWARE', false)) {
+    $globalMiddleware[] = \App\Http\Middleware\CorsMiddleware::class;
+}
+
 $app->middleware($globalMiddleware);
 
 $app->routeMiddleware([
diff --git a/public/index.php b/public/index.php
index 7da0be5..3e8196e 100644
--- a/public/index.php
+++ b/public/index.php
@@ -28,8 +28,6 @@ ob_start("ob_gzhandler");
 
 if (!env('APP_DEBUG')) {
     header("Content-Type: application/json");
-    header("Access-Control-Allow-Origin: *");
-    header("Access-Control-Allow-Methods: GET");
 }
 
 $app->run();