diff --git a/.env.example b/.env.example
index 92e4a10ec..5312bae16 100644
--- a/.env.example
+++ b/.env.example
@@ -120,4 +120,7 @@ AUTH_ACCESS_EXPIRE=1296000
 SECRET_KEY_BASE=""
 
 # -------------------------------- Bitcoin segment --------------------------------
-BITCOIN_NODE_URL=""
\ No newline at end of file
+BITCOIN_NODE_URL=""
+
+# Dynamic CORS configuration
+PARTNER_DOMAINS="/localhost:\d*/"
diff --git a/app/serializers/address_serializer.rb b/app/serializers/address_serializer.rb
index 74dc31d27..77987c335 100644
--- a/app/serializers/address_serializer.rb
+++ b/app/serializers/address_serializer.rb
@@ -49,6 +49,14 @@ class AddressSerializer
             display_name: udt_account.display_name,
             uan: udt_account.uan,
           }
+        elsif udt_account.udt_type == "xudt"
+          {
+            symbol: udt_account.symbol,
+            decimal: udt_account.decimal.to_s,
+            amount: udt_account.amount.to_s,
+            type_hash: udt_account.type_hash,
+            udt_type: udt_account.udt_type,
+          }
         elsif udt_account.udt_type == "omiga_inscription"
           info = udt_account.udt.omiga_inscription_info
           {
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index e673c5386..fe507da1c 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -17,14 +17,10 @@
 
 Rails.application.config.middleware.insert_before 0, Rack::Cors do
   allow do
-    origins "https://explorer.nervos.org",
-            "https://explorer-testnet.nervos.org",
-            "https://aggron.explorer.nervos.org",
-            "https://pudge.explorer.nervos.org",
-            "https://staging.explorer.nervos.org",
-            /\Ahttps:\/\/ckb-explorer-.*-magickbase.vercel.app\z/,
-            "http://localhost:3000",
-            (ENV["STAGING_DOMAIN"]).to_s
-    resource "*", headers: :any, methods: [:get, :post, :put, :head, :options]
+    origins ["https://explorer.nervos.org",
+             "https://pudge.explorer.nervos.org",
+             /\Ahttps:\/\/ckb-explorer-.*-magickbase.vercel.app\z/] +
+      ENV["PARTNER_DOMAINS"].to_s.split(",").map(&:strip).map { |x| x.start_with?("/") ? Regexp.new(x[1..-2]) : x }
+    resource "*", headers: :any, methods: %i[get post put head options]
   end
 end
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 5a60ad13d..2e3e48f92 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -23,8 +23,8 @@ class Rack::Attack
   # Throttle all requests by IP (60rpm)
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
-  throttle("req/ip", limit: 1500, period: 5.minutes) do |req|
-    req.env['HTTP_CF_CONNECTING_IP'] || req.ip # unless req.path.start_with?('/assets')
+  throttle("req/ip", limit: 3000, period: 5.minutes) do |req|
+    req.env["HTTP_CF_CONNECTING_IP"] || req.ip # unless req.path.start_with?('/assets')
   end
 
   ### Custom Throttle Response ###
@@ -49,7 +49,7 @@ class Rack::Attack
       headers = {
         "RateLimit-Limit" => match_data[:limit].to_s,
         "RateLimit-Remaining" => "0",
-        "RateLimit-Reset" => (now + (match_data[:period] - now % match_data[:period])).to_s
+        "RateLimit-Reset" => (now + (match_data[:period] - now % match_data[:period])).to_s,
       }
 
       [429, headers, ["Throttled\n"]]