diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2
index 1f3af86..703fd8d 100644
--- a/templates/nginx-cors.conf.j2
+++ b/templates/nginx-cors.conf.j2
@@ -1,6 +1,7 @@
 {% if nginx_cors_extended_rules %}
 if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
+    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
     add_header 'Access-Control-Allow-Origin' '*';
@@ -21,6 +22,7 @@ if ($request_method = 'OPTIONS') {
 }
 if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
+    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
     add_header 'Access-Control-Allow-Origin' '*';
@@ -32,8 +34,10 @@ if ($request_method = 'POST') {
 }
 if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
+    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
+    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
     add_header 'Access-Control-Allow-Credentials' 'true';
@@ -43,8 +47,10 @@ if ($request_method = 'GET') {
 }
 {% else %}
 {% if nginx_cors_limit_origin %}
+proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
+proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
 if ($request_method = OPTIONS ) {