diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2
index 703fd8d..88719c3 100644
--- a/templates/nginx-cors.conf.j2
+++ b/templates/nginx-cors.conf.j2
@@ -1,7 +1,6 @@
 {% if nginx_cors_extended_rules %}
 if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
-    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
     add_header 'Access-Control-Allow-Origin' '*';
@@ -22,7 +21,6 @@ if ($request_method = 'OPTIONS') {
 }
 if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
-    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
     add_header 'Access-Control-Allow-Origin' '*';
@@ -34,7 +32,6 @@ if ($request_method = 'POST') {
 }
 if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
-    proxy_hide_header Access-Control-Allow-Origin;
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
     proxy_hide_header Access-Control-Allow-Origin;
@@ -47,10 +44,8 @@ if ($request_method = 'GET') {
 }
 {% else %}
 {% if nginx_cors_limit_origin %}
-proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
-proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
 if ($request_method = OPTIONS ) {
diff --git a/templates/nginx-virthost.j2 b/templates/nginx-virthost.j2
index 2a7f9a0..68ebbf1 100644
--- a/templates/nginx-virthost.j2
+++ b/templates/nginx-virthost.j2
@@ -123,6 +123,7 @@ server {
     {% endif %}
 
     {% if nginx_cors_enabled %}
+    proxy_hide_header Access-Control-Allow-Origin;
     {% if nginx_cors_global %}
     include /etc/nginx/snippets/nginx-cors.conf;
     {% endif %}
@@ -306,6 +307,7 @@ server {
     server_tokens {{ item.server_tokens | default('off') }};
 
     {% if nginx_cors_enabled %}
+    proxy_hide_header Access-Control-Allow-Origin;
     {% if nginx_cors_global %}
     include /etc/nginx/snippets/nginx-cors.conf;
     {% endif %}