diff --git a/lib/api/CORS.js b/lib/api/CORS.js
new file mode 100644
index 0000000..1e4bdcd
--- /dev/null
+++ b/lib/api/CORS.js
@@ -0,0 +1,37 @@
+module.exports = function (req, res, next) {
+  let allowed = {
+
+    origins: [
+      '*',
+    ],
+
+    methods: [
+      'HEAD',
+      'GET',
+      'POST',
+      'PUT',
+      'DELETE',
+      'OPTIONS',
+    ],
+
+    headers: [
+      'Content-Type',
+      'Authorization',
+      'Content-Length',
+      'X-Requested-With',
+      'Cache-Control',
+      'X-Accept-Version',
+      'x-signature',
+      'x-pubkey',
+      'x-identity',
+      'cf-connecting-ip',
+    ],
+
+  };
+
+  res.header('Access-Control-Allow-Origin', allowed.origins.join());
+  res.header('Access-Control-Allow-Methods', allowed.methods.join());
+  res.header('Access-Control-Allow-Headers', allowed.headers.join());
+
+  next();
+};
diff --git a/lib/api/index.js b/lib/api/index.js
index 51f9ca6..382a20e 100644
--- a/lib/api/index.js
+++ b/lib/api/index.js
@@ -3,6 +3,9 @@ const config  = require('../../config');
 
 const app = express();
 const api = express.Router();
+const CORS = require('./CORS');
+
+app.use(CORS);
 
 // Serve insight ui front end from root dir public folder
 app.use('/', express.static('./public'));