diff --git a/extras/api/server.go b/extras/api/server.go
index 140603b..151415a 100644
--- a/extras/api/server.go
+++ b/extras/api/server.go
@@ -17,6 +17,9 @@ import (
 // ResponseHeaders are returned with each response
 var ResponseHeaders map[string]string
 
+// CorsDomains Allowed domains for CORS Policy
+var CorsDomains []string
+
 // Log allows logging of events and errors
 var Log = func(*http.Request, *Response, error) {}
 
@@ -78,6 +81,20 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 }
 
+ for _, d := range CorsDomains {
+ if d == r.Header.Get("origin") {
+ w.Header().Set("Access-Control-Allow-Origin", d)
+ vary := w.Header().Get("Vary")
+ if vary != "*" {
+ if vary != "" {
+ vary += ", "
+ }
+ vary += "Origin"
+ }
+ w.Header().Set("Vary", vary)
+ }
+ }
+
 // Stop here if its a preflighted OPTIONS request
 if r.Method == "OPTIONS" {
 return
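Review bot: The doc comment on `CorsDomains` does not say what an entry must look like, and the name suggests bare domains, while the second hunk compares each entry byte-for-byte with the request's Origin header. An entry therefore has to be a full origin (scheme, host and any non-default port) or it will never match. I would write `// CorsDomains lists the exact origins (scheme://host[:port]) that are echoed in Access-Control-Allow-Origin.` and add a second comment line saying it should be set before the handler starts serving, since ServeHTTP ranges over it with no lock visible in this diff.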
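Review bot: `Vary: Origin` is written only inside the match branch of the new loop, so a response to an unlisted or absent Origin carries no `Vary`, and a shared cache may later serve that copy, which has no `Access-Control-Allow-Origin`, to a listed origin. The `Get("Vary")` / `Set("Vary", …)` pair also reads only the first `Vary` line and then replaces all of them, and because the loop does not `break`, a duplicated entry appends `Origin` twice. An empty string in `CorsDomains` would match a request that has no Origin header at all. The fence below adds `Vary` once whenever an allow-list is configured, skips empty origins and stops at the first match. An existing `Vary: *` line is left in place by `Add`. ServeHTTP starts and ends outside this hunk, so whether `ResponseHeaders` already supplies `Vary` or the other preflight headers cannot be checked from here.

```go
if len(CorsDomains) > 0 {
	// The response depends on Origin whether or not this request matches,
	// so caches must key on it in both cases.
	w.Header().Add("Vary", "Origin")
	if origin := r.Header.Get("Origin"); origin != "" {
		for _, d := range CorsDomains {
			if d == origin {
				w.Header().Set("Access-Control-Allow-Origin", origin)
				break
			}
		}
	}
}

// … unchanged: preflight OPTIONS early return …
```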