diff --git a/httpbin/core.py b/httpbin/core.py
index 1bad8b3..bdd6f99 100644
--- a/httpbin/core.py
+++ b/httpbin/core.py
@@ -45,7 +45,6 @@ sentry = Sentry(app)
 def set_cors_headers(response):
     response.headers['Access-Control-Allow-Origin'] = '*'
     if request.method == 'OPTIONS':
-        response.headers['Access-Control-Allow-Origin'] = '*'
         response.headers['Access-Control-Allow-Credentials'] = 'true'
         response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
         response.headers['Access-Control-Max-Age'] = str(60 * 60) # 1 hour cache