diff --git a/index.js b/index.js
index 25fd6c4..ce4f346 100644
--- a/index.js
+++ b/index.js
@@ -208,16 +208,6 @@ console.log(config);
 
     app.use(function(req, res, next) {
       res.header('X-Powered-By', mayktsoURI);
-      res.header("Access-Control-Allow-Credentials", "true");
-      res.header("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT");
-      if(req.header('Origin')) {
-        res.header("Access-Control-Allow-Origin", req.header('Origin'));
-      }
-      else {
-        res.header("Access-Control-Allow-Origin", "*");
-      }
-      res.header("Access-Control-Allow-Headers", "Content-Length, Content-Type, If-None-Match, Link, Location, Origin, Slug, X-Requested-With");
-       res.header("Access-Control-Expose-Headers", "Accept-Post, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Allow, Content-Length, Content-Type, ETag, Last-Modified, Link, Location, Updates-Via, Vary");
       return next();
     });
 
diff --git a/src/server/cors-headers.js b/src/server/cors-headers.js
new file mode 100644
index 0000000..98f7d57
--- /dev/null
+++ b/src/server/cors-headers.js
@@ -0,0 +1,13 @@
+module.exports = function(req, res, next) {
+  res.header("Access-Control-Allow-Credentials", "true");
+  res.header("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT");
+  if(req.header('Origin')) {
+    res.header("Access-Control-Allow-Origin", req.header('Origin'));
+  }
+  else {
+    res.header("Access-Control-Allow-Origin", "*");
+  }
+  res.header("Access-Control-Allow-Headers", "Content-Length, Content-Type, If-None-Match, Link, Location, Origin, Slug, X-Requested-With");
+   res.header("Access-Control-Expose-Headers", "Accept-Post, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Allow, Content-Length, Content-Type, ETag, Last-Modified, Link, Location, Updates-Via, Vary");
+  return next();
+};
diff --git a/src/server/index.js b/src/server/index.js
index 3713dfd..72a163e 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -9,6 +9,8 @@ exports.createServer = function(config){
   var app = express();
   // app.use(compress());
 
+  app.use(require('./cors-headers.js'));
+
   if (config.sslKey && config.sslCert) {
     var options = {
       key: fs.readFileSync(config.sslKey),