diff --git a/backend/src/main/java/uk/ac/ebi/spot/ols/config/CrossOriginResourceSharingFilter.java b/backend/src/main/java/uk/ac/ebi/spot/ols/config/CrossOriginResourceSharingFilter.java
index ede50065..a68d9bfb 100644
--- a/backend/src/main/java/uk/ac/ebi/spot/ols/config/CrossOriginResourceSharingFilter.java
+++ b/backend/src/main/java/uk/ac/ebi/spot/ols/config/CrossOriginResourceSharingFilter.java
@@ -32,6 +32,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpServletResponse httpResponse = (HttpServletResponse) response;
 
+        // Alwasy add CORS headers. add CORS "pre-flight" request headers
+        httpResponse.addHeader("Access-Control-Allow-Origin", "*");
+        httpResponse.addHeader("Access-Control-Allow-Headers", "*");
+        httpResponse.addHeader("Access-Control-Allow-Methods", "GET");
+        httpResponse.addHeader("Access-Control-Max-Age", "3600");
 
         // is this a CORS request?
         if (httpRequest.getHeader("Origin") != null) {
@@ -39,11 +44,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             String requestURI = httpRequest.getRequestURI();
             getLog().trace("Possible cross-origin request received from '" + origin + "' to IRI: " +
                                    "'" + requestURI + "'.  Enabling CORS.");
-
-            // add CORS "pre-flight" request headers
-            httpResponse.addHeader("Access-Control-Allow-Origin", "*");
-            httpResponse.addHeader("Access-Control-Allow-Headers", "*");
-            httpResponse.addHeader("Access-Control-Allow-Methods", "GET");
         }
 
         chain.doFilter(request, response);