diff --git a/swag/nginx/proxy-confs/synapse.subdomain.conf b/swag/nginx/proxy-confs/synapse.subdomain.conf
index c69f7d5..8fb1acb 100644
--- a/swag/nginx/proxy-confs/synapse.subdomain.conf
+++ b/swag/nginx/proxy-confs/synapse.subdomain.conf
@@ -24,7 +24,6 @@ server {
       # Abuse reports should be sent to Mjölnir.
 
       # Add CORS, otherwise a browser will refuse this request.
-      add_header 'Access-Control-Allow-Origin' '*' always; # Note: '*' is for testing purposes. For your own server, you probably want to tighten this.
       add_header 'Access-Control-Allow-Credentials' 'true' always;
       add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
       add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since' always;