diff --git a/changelog.md b/changelog.md
index 38623cd..05113f1 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,6 @@
+## Version 0.9.20
+ - Add option to disable CORS hardening (with empty value)
+
 ## Version 0.9.19
 - Add country whitelist option to geoblocker
 - No countries blocked by default anymore
diff --git a/package.json b/package.json
index cbbbf62..79c2e6b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cosmos-server",
- "version": "0.9.19",
+ "version": "0.9.20",
 "description": "",
 "main": "test-server.js",
 "bugs": {
diff --git a/readme.md b/readme.md
index 8a7c52d..eb3ce03 100644
--- a/readme.md
+++ b/readme.md
@@ -4,11 +4,9 @@

Thanks to the sponsors:


-

zarev -null +

null null Clayton Stone -vp-en Billy Das Seraph91P

diff --git a/src/proxy/routeTo.go b/src/proxy/routeTo.go
index 3ec4c19..4be4ecc 100644
--- a/src/proxy/routeTo.go
+++ b/src/proxy/routeTo.go
@@ -46,7 +46,7 @@ func joinURLPath(a, b *url.URL) (path, rawpath string) {
 // NewProxy takes target host and creates a reverse proxy
-func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardHeader bool, DisableHeaderHardening bool) (*httputil.ReverseProxy, error) {
+func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardHeader bool, DisableHeaderHardening bool, CORSOrigin string) (*httputil.ReverseProxy, error) {
 url, err := url.Parse(targetHost)
 if err != nil {
 return nil, err
@@ -76,8 +76,11 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH
 req.Header.Set("X-Forwarded-Ssl", "on")
 }
- if VerboseForwardHeader {
+ if CORSOrigin != "" {
 req.Header.Set("X-Forwarded-Host", url.Host)
+ }
+
+ if VerboseForwardHeader {
 req.Header.Set("X-Origin-Host", url.Host)
 req.Header.Set("Host", url.Host)
 req.Header.Set("X-Forwarded-For", utils.GetClientIP(req))
@@ -120,7 +123,7 @@ func RouteTo(route utils.ProxyRouteConfig) http.Handler {
 routeType := route.Mode
 if(routeType == "SERVAPP" || routeType == "PROXY") {
- proxy, err := NewProxy(destination, route.AcceptInsecureHTTPSTarget, route.VerboseForwardHeader, route.DisableHeaderHardening)
+ proxy, err := NewProxy(destination, route.AcceptInsecureHTTPSTarget, route.VerboseForwardHeader, route.DisableHeaderHardening, route.CORSOrigin)
 if err != nil {
 utils.Error("Create Route", err)
 }
diff --git a/src/utils/middleware.go b/src/utils/middleware.go
index cd67cec..406174c 100644
--- a/src/utils/middleware.go
+++ b/src/utils/middleware.go
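Review bot: In the second hunk of src/proxy/routeTo.go (`@@ -76,8 +76,11 @@`), `X-Forwarded-Host` is now gated on `CORSOrigin != ""` instead of `VerboseForwardHeader`, and neither the code nor the changelog entry says why a CORS setting controls a forwarding header. As written, a route with `VerboseForwardHeader` set and an empty `CORSOrigin` stops sending `X-Forwarded-Host`, while a non-verbose route with an origin configured starts sending it, so backends that derive redirects or origin checks from that header may behave differently after the upgrade. If the previous verbose behaviour is meant to be kept, the condition could be `if VerboseForwardHeader || CORSOrigin != "" {`; either way a comment such as `// X-Forwarded-Host is only sent while CORS hardening is enabled (CORSOrigin non-empty)` would record the intent. The value sent is `url.Host`, the host parsed from `targetHost`, and the enclosing NewProxy body starts and ends outside this hunk.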
@@ -80,10 +80,12 @@ func CORSHeader(origin string) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Access-Control-Allow-Origin", origin)
- w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
- w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
- w.Header().Set("Access-Control-Allow-Credentials", "true")
+ if origin != "" {
+ w.Header().Set("Access-Control-Allow-Origin", origin)
+ w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+ w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+ w.Header().Set("Access-Control-Allow-Credentials", "true")
+ }
 next.ServeHTTP(w, r)
 })
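Review bot: With the new `if origin != ""` guard in CORSHeader, an empty origin means the middleware writes none of the four `Access-Control-*` headers, so whatever the wrapped handler or proxied backend sends reaches the browser unchanged, including a permissive `Access-Control-Allow-Origin` paired with `Access-Control-Allow-Credentials: true`. The empty string also cannot be told apart from a value that was never configured; whether a default is filled in before this call is not visible in the hunk, so it is worth confirming that only an explicit opt-out reaches this branch. I would document the contract on the function, e.g. `// CORSHeader sets the CORS response headers for origin; an empty origin disables hardening and leaves CORS headers to the next handler.` The function body continues outside the hunk.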