diff --git a/api.go b/api.go
index 0a17feb..c673870 100644
--- a/api.go
+++ b/api.go
@@ -56,6 +56,16 @@ func (a apiServer) Register(r *mux.Router) {
 }
 
 func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
+	if cust.AddCORSHeaders {
+		res.Header().Set("Access-Control-Allow-Origin", "*")
+		res.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
+		if r.Method == http.MethodOptions {
+			res.WriteHeader(http.StatusNoContent)
+			return
+		}
+
+	}
+
 	if cust.MaxSecretSize > 0 {
 		// As a safeguard against HUGE payloads behind a misconfigured
 		// proxy we take double the maximum secret size after which we
diff --git a/pkg/customization/customize.go b/pkg/customization/customize.go
index 8e4a20b..db2c0cf 100644
--- a/pkg/customization/customize.go
+++ b/pkg/customization/customize.go
@@ -41,6 +41,7 @@ type (
 		MetricsAllowedSubnets []string `json:"-" yaml:"metricsAllowedSubnets"`
 		OverlayFSPath         string   `json:"-" yaml:"overlayFSPath"`
 		UseFormalLanguage     bool     `json:"-" yaml:"useFormalLanguage"`
+		AddCORSHeaders        bool     `json:"-" yaml:"addCORSHeaders"`
 
 		FooterLinks []FooterLink `json:"footerLinks,omitempty" yaml:"footerLinks"`
 	}