diff --git a/src/index.js b/src/index.js
index 17ba0cd..604e058 100644
--- a/src/index.js
+++ b/src/index.js
@@ -95,16 +95,28 @@ router.get("/list", read.listFilesHandler);
 /*** Setting up the listener ***/
 
 router.get("/", () => {
-    return new Response(null, { headers: { "Location": "https://artifactdb.github.io/gypsum-worker" }, status: 301 })
+    return new Response(null, { 
+        headers: { 
+            "Location": "https://artifactdb.github.io/gypsum-worker",
+            "Access-Control-Allow-Origin": '*' 
+        }, 
+        status: 301 
+    })
 })
 
 router.all('*', request => { 
     const u = request.url;
     const pattern = /([^:])(\/\/+)/g;
     if (u.match(pattern)) {
-        return new Response(null, { headers: { "Location": u.replace(pattern, "$1/") }, status: 301 })
+        return new Response(null, {
+            headers: { 
+                "Location": u.replace(pattern, "$1/"), 
+                'Access-Control-Allow-Origin': '*'
+            }, 
+            status: 301 
+        })
     }
-    return http.errorResponse("no such endpoint", 404);
+    return http.errorResponse("no such endpoint", 404, { 'Access-Control-Allow-Origin': '*' });
 })
 
 export default {
@@ -120,9 +132,9 @@ fetch(request, env, context) {
         .fetch(request, env, nonblockers)
         .catch(error => {
             if (error instanceof http.HttpError) {
-                return http.errorResponse(error.message, error.statusCode);
+                return http.errorResponse(error.message, error.statusCode, { 'Access-Control-Allow-Origin': '*' });
             } else {
-                return http.errorResponse(error.message, 500);
+                return http.errorResponse(error.message, 500, { 'Access-Control-Allow-Origin': '*' });
             }
         });
 
diff --git a/src/read.js b/src/read.js
index 9f26a75..b925fce 100644
--- a/src/read.js
+++ b/src/read.js
@@ -7,6 +7,7 @@ function createHeaders(payload) {
     headers.set('etag', payload.httpEtag);
     headers.set('Last-Modified', payload.uploaded.toUTCString());
     headers.set("Content-Length", payload.size);
+    headers.set("Access-Control-Allow-Origin", "*");
     return headers;
 }
 
@@ -40,5 +41,5 @@ export async function listFilesHandler(request, env, nonblockers) {
     }
     let collected = [];
     await s3.listApply(prefix, x => collected.push(x), env, { trimPrefix: false, stripTrailingSlash: false, local: !recursive });
-    return new http.jsonResponse(collected, 200);
+    return new http.jsonResponse(collected, 200, { "Access-Control-Allow-Origin": "*" });
 }