diff --git a/util/httputil/cors.go b/util/httputil/cors.go
index 7e0dac7871..25c1721122 100644
--- a/util/httputil/cors.go
+++ b/util/httputil/cors.go
@@ -34,15 +34,19 @@ func SetCORS(w http.ResponseWriter, o *regexp.Regexp, r *http.Request) {
 	}
 
 	for k, v := range corsHeaders {
-		w.Header().Set(k, v)
+		if _, ok := w.Header()[k]; !ok {
+			w.Header().Set(k, v)
+		}
 	}
 
-	if o.String() == "^(?:.*)$" {
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		return
-	}
+	if _, ok := w.Header()["Access-Control-Allow-Origin"]; !ok {
+		if o.String() == "^(?:.*)$" {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			return
+		}
 
-	if o.MatchString(origin) {
-		w.Header().Set("Access-Control-Allow-Origin", origin)
+		if o.MatchString(origin) {
+			w.Header().Set("Access-Control-Allow-Origin", origin)
+		}
 	}
 }