diff --git a/.github/workflows/verifyimage.yml b/.github/workflows/verifyimage.yml
index e0ffa8e..a0b4267 100644
--- a/.github/workflows/verifyimage.yml
+++ b/.github/workflows/verifyimage.yml
@@ -70,3 +70,11 @@ jobs:
       - name: Verify ${{ matrix.target }}
         run: |
           [ $(docker inspect ${{ matrix.target }}-test --format='{{.State.Running}}') = 'true' ]
+          if "${{ matrix.target }}" == "nginx" ; then
+            curl -q -D headers.txt http://localhost:8080/?test=../../etc/passwd
+            grep -q "HTTP/1.1 403 Forbidden" headers.txt
+            grep -q "Access-Control-Allow-Origin: *" headers.txt
+            grep -q "Access-Control-Max-Age: 3600" headers.txt
+            grep -q "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS" headers.txt
+            grep -q "Access-Control-Allow-Headers: *" headers.txt
+          fi
diff --git a/nginx/templates/conf.d/default.conf.template b/nginx/templates/conf.d/default.conf.template
index 976f262..7f25d71 100644
--- a/nginx/templates/conf.d/default.conf.template
+++ b/nginx/templates/conf.d/default.conf.template
@@ -23,6 +23,7 @@ server {
             return 301 https://$host$request_uri;
         }
 
+        include includes/cors.conf;
         include includes/proxy_backend.conf;
 
         index index.html index.htm;