diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java
index f6b89b91cb2937c4388a0e4a500af9b6c9b9b5c6..d7a47f351b377868da0817a1ca02c96a7e17e38c 100644
--- a/src/main/java/org/caosdb/server/CaosDBServer.java
+++ b/src/main/java/org/caosdb/server/CaosDBServer.java
@@ -1019,7 +1019,12 @@ class CaosDBComponent extends Component {
     request.getAttributes().put("SRID", UUID.randomUUID().toString());
     response.setServerInfo(CaosDBServer.getServerInfo());
     super.handle(request, response);
-    response.setAccessControlAllowOrigin("*");
+    String accessControlAllowOrigin =
+        CaosDBServer.getServerProperty(
+            ServerProperties.KEY_SERVER_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN);
+    if (accessControlAllowOrigin != null && !accessControlAllowOrigin.isBlank()) {
+      response.setAccessControlAllowOrigin(accessControlAllowOrigin);
+    }
     log(request, response, t1);
   }
 
diff --git a/src/main/java/org/caosdb/server/ServerProperties.java b/src/main/java/org/caosdb/server/ServerProperties.java
index f296949843cf603381f1ee39153b816f1ed75cc7..5135dcbe0a1c5dd63b2bd4faa82a4cf2123ba138 100644
--- a/src/main/java/org/caosdb/server/ServerProperties.java
+++ b/src/main/java/org/caosdb/server/ServerProperties.java
@@ -69,6 +69,8 @@ public class ServerProperties extends Properties implements Observable {
   public static final String KEY_SERVER_PORT_HTTPS = "SERVER_PORT_HTTPS";
   public static final String KEY_SERVER_PORT_HTTP = "SERVER_PORT_HTTP";
   public static final String KEY_REDIRECT_HTTP_TO_HTTPS_PORT = "REDIRECT_HTTP_TO_HTTPS_PORT";
+  public static final String KEY_SERVER_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN =
+      "SERVER_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN";
   public static final String KEY_GRPC_SERVER_PORT_HTTPS = "GRPC_SERVER_PORT_HTTPS";
   public static final String KEY_GRPC_SERVER_PORT_HTTP = "GRPC_SERVER_PORT_HTTP";