diff --git a/svcs/data/caddy/Caddyfile.blue b/svcs/data/caddy/Caddyfile.blue
index 58c40dcd..964cd75a 100644
--- a/svcs/data/caddy/Caddyfile.blue
+++ b/svcs/data/caddy/Caddyfile.blue
@@ -5,11 +5,22 @@
 # configuration. The only difference between the two configurations is the port
 # number to forward the request to, 8081 for blue and 8082 for green.
 
+(cors) {
+  @origin{args.0} header Origin {args.0}
+  header @origin{args.0} Access-Control-Allow-Origin "{args.0}"
+  header @origin{args.0} Vary Origin
+}
+
 tiles.soundscape.services {
     reverse_proxy localhost:8081 {
         header_up X-Real-IP {remote_host}
     }
     header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+    header Access-Control-Allow-Methods "GET"
+    header Access-Control-Allow-Headers "*"
+
+    # Allow requests coming from the Soundscape web client hosted on Github
+    import cors https://soundscape-community.github.io
 }
 
 newprod0.openscape.io {
diff --git a/svcs/data/caddy/Caddyfile.green b/svcs/data/caddy/Caddyfile.green
index 3329add9..684c5213 100644
--- a/svcs/data/caddy/Caddyfile.green
+++ b/svcs/data/caddy/Caddyfile.green
@@ -5,11 +5,22 @@
 # configuration. The only difference between the two configurations is the port
 # number to forward the request to, 8081 for blue and 8082 for green.
 
+(cors) {
+  @origin{args.0} header Origin {args.0}
+  header @origin{args.0} Access-Control-Allow-Origin "{args.0}"
+  header @origin{args.0} Vary Origin
+}
+
 tiles.soundscape.services {
     reverse_proxy localhost:8082 {
         header_up X-Real-IP {remote_host}
     }
     header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+    header Access-Control-Allow-Methods "GET"
+    header Access-Control-Allow-Headers "*"
+
+    # Allow requests coming from the Soundscape web client hosted on Github
+    import cors https://soundscape-community.github.io
 }
 
 newprod0.openscape.io {