diff --git a/src/main/java/de/ddb/labs/ef2so/filter/CORSFilter.java b/src/main/java/de/ddb/labs/ef2so/filter/CORSFilter.java
new file mode 100644
index 0000000..8ea3731
--- /dev/null
+++ b/src/main/java/de/ddb/labs/ef2so/filter/CORSFilter.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2018-2021 Michael Büchner, Deutsche Digitale Bibliothek.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.ddb.labs.ef2so.filter;
+
+import java.io.IOException;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerResponseContext;
+import javax.ws.rs.container.ContainerResponseFilter;
+import javax.ws.rs.ext.Provider;
+
+/**
+ *
+ * @author Michael Büchner <m.buechner@dnb.de>
+ */
+@Provider
+public class CORSFilter implements ContainerResponseFilter {
+
+    /**
+     * Adds a CORS header the all responses
+     *
+     * @param request HTTP Request
+     * @param response
+     * @throws java.io.IOException
+     */
+    @Override
+    public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
+        
+        String allowOrigin = "*";
+        if (request.getHeaderString("Origin") != null && !request.getHeaderString("Origin").isEmpty()) {
+            allowOrigin = request.getHeaderString("Origin");
+        }
+
+        response.getHeaders().add("Access-Control-Allow-Origin", allowOrigin);
+        response.getHeaders().add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept");
+        response.getHeaders().add("Access-Control-Allow-Methods", "GET");
+    }
+}
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 21e9e3f..cbc211c 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -27,6 +27,10 @@ limitations under the License.
             <param-name>jersey.config.server.provider.packages</param-name>
             <param-value>de.ddb.labs.ef2so</param-value>
         </init-param>
+        <init-param>
+            <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
+            <param-value>de.ddb.labs.ef2so.filter.CORSFilter</param-value>
+        </init-param>
     </servlet>
     <servlet-mapping>
         <servlet-name>EF2SO</servlet-name>
