diff --git a/demo-proxy/etc-httpd/conf.d/httpd.conf b/demo-proxy/etc-httpd/conf.d/httpd.conf
index 49624dda..1e246ec9 100644
--- a/demo-proxy/etc-httpd/conf.d/httpd.conf
+++ b/demo-proxy/etc-httpd/conf.d/httpd.conf
@@ -50,13 +50,8 @@ EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
     #Header set Strict-Transport-Security "max-age=300"
     #Header set Content-Security-Policy: upgrade-insecure-requests
 
-    Header set Access-Control-Max-Age "300"
-    # could be 'localhost', <ip-of-docker-machine>, '</etc/hosts entry>'
-    Header set Access-Control-Allow-Origin "*"
-    # allow cookies to be sent cross origin
-    Header set Access-Control-Allow-Credentials "true"
+    Header set Access-Control-Allow-Origin "${PASS_CORE_BASE_URL}"
     Header merge Access-Control-Allow-Methods "PUT, OPTIONS"
-    Header merge Access-Control-Expose-Headers "authorization"
 
     #Map /idp to Tomcat
     ProxyPass /idp https://idp:4443/idp