diff --git a/cmd/serve_management.go b/cmd/serve_management.go
index af35b34a88..558e6e6dcc 100644
--- a/cmd/serve_management.go
+++ b/cmd/serve_management.go
@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"fmt"
-
 	"net/http"
 
 	"github.com/julienschmidt/httprouter"
@@ -11,13 +10,15 @@ import (
 	"github.com/ory/herodot"
 	"github.com/ory/oathkeeper/rsakey"
 	"github.com/ory/oathkeeper/rule"
+	"github.com/rs/cors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/urfave/negroni"
 )
 
 type managementConfig struct {
-	rules rule.Manager
+	rules      rule.Manager
+	corsPrefix string
 }
 
 func runManagement(c *managementConfig) {
@@ -38,12 +39,14 @@ func runManagement(c *managementConfig) {
 	n.Use(negronilogrus.NewMiddlewareFromLogger(logger, "oathkeeper-management"))
 	n.UseHandler(router)
 
+	ch := cors.New(parseCorsOptions(c.corsPrefix)).Handler(n)
+
 	go refreshKeys(keyManager, 0)
 
 	addr := fmt.Sprintf("%s:%s", viper.GetString("MANAGEMENT_HOST"), viper.GetString("MANAGEMENT_PORT"))
 	server := graceful.WithDefaults(&http.Server{
 		Addr:    addr,
-		Handler: router,
+		Handler: ch,
 	})
 
 	logger.Printf("Listening on %s.\n", addr)
diff --git a/cmd/serve_proxy.go b/cmd/serve_proxy.go
index 089e2dac2b..58bed957d7 100644
--- a/cmd/serve_proxy.go
+++ b/cmd/serve_proxy.go
@@ -26,7 +26,8 @@ import (
 )
 
 type proxyConfig struct {
-	rules rule.Manager
+	rules      rule.Manager
+	corsPrefix string
 }
 
 // proxyCmd represents the proxy command
@@ -160,7 +161,7 @@ func runProxy(c *proxyConfig) {
 	n.Use(segmentMiddleware)
 	n.UseHandler(proxy)
 
-	ch := cors.New(parseCorsOptions("")).Handler(n)
+	ch := cors.New(parseCorsOptions(c.corsPrefix)).Handler(n)
 
 	var cert tls.Certificate
 	tlsCert := viper.GetString("HTTP_TLS_CERT")