diff --git a/responder/api.py b/responder/api.py index 517ec6b..df40638 100644 --- a/responder/api.py +++ b/responder/api.py @@ -14,6 +14,7 @@ from starlette.debug import DebugMiddleware from starlette.testclient import TestClient from starlette.middleware.gzip import GZipMiddleware from starlette.middleware.httpsredirect import HTTPSRedirectMiddleware +from starlette.middleware.cors import CORSMiddleware from apispec import APISpec from apispec.ext.marshmallow import MarshmallowPlugin from apispec import yaml_utils @@ -26,7 +27,9 @@ from .routes import Route from .formats import get_formats from .background import BackgroundQueue from .templates import GRAPHIQL -from .statics import DEFAULT_API_THEME, DEFAULT_SESSION_COOKIE, DEFAULT_SECRET_KEY +from .statics import ( + DEFAULT_API_THEME, DEFAULT_SESSION_COOKIE, DEFAULT_SECRET_KEY, CORS_PARAMS +) # TODO: consider moving status codes here class API: @@ -55,6 +58,7 @@ class API: secret_key=DEFAULT_SECRET_KEY, enable_hsts=False, docs_route=None, + cors=False ): self.secret_key = secret_key self.title = title @@ -73,7 +77,7 @@ class API: self.session_cookie = DEFAULT_SESSION_COOKIE self.hsts_enabled = enable_hsts - + self.cors = cors # Make the static/templates directory if they don't exist. for _dir in (self.static_dir, self.templates_dir): os.makedirs(_dir, exist_ok=True) @@ -109,9 +113,14 @@ class API: self.add_middleware(GZipMiddleware) if debug: self.add_middleware(DebugMiddleware) + if self.hsts_enabled: self.add_middleware(HTTPSRedirectMiddleware) + if self.cors: + # TODO: DOCS + self.add_middleware(CORSMiddleware, **CORS_PARAMS) + # Jinja enviroment self.jinja_env = jinja2.Environment( loader=jinja2.FileSystemLoader( diff --git a/responder/statics.py b/responder/statics.py index b00a530..a10cf34 100644 --- a/responder/statics.py +++ b/responder/statics.py 
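Review bot: The new `if self.cors:` branch passes the module-level `CORS_PARAMS` dict straight to `CORSMiddleware`, so the only way to allow an origin is to mutate a global that every `API` instance in the process shares, and the `# TODO: DOCS` leaves that undocumented. A per-instance override would keep the restrictive defaults in statics.py intact, for example a `cors_params=None` argument stored as `self.cors_params = {**CORS_PARAMS, **(cors_params or {})}` and used in `self.add_middleware(CORSMiddleware, **self.cors_params)`. The `__init__` signature and body continue outside these hunks, so the new argument would also have to be added in the hunk at `-55,6 +58,7`, next to `cors=False`.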
@@ -2,3 +2,13 @@ DEFAULT_ENCODING = "utf-8"
 DEFAULT_API_THEME = "swaggerui"
 DEFAULT_SESSION_COOKIE = "Responder-Session"
 DEFAULT_SECRET_KEY = "NOTASECRET"
+
+CORS_PARAMS = {
+ "allow_origins": (),
+ "allow_methods": ("GET",),
+ "allow_headers": (),
+ "allow_credentials": False,
+ "allow_origin_regex": None,
+ "expose_headers": (),
+ "max_age": 600,
+}
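Review bot: `CORS_PARAMS` is added without a comment saying that these defaults are deny-by-default, which matters because `allow_origins` is empty and `allow_origin_regex` is `None`. With those values, `cors=True` on its own presumably grants no origin cross-origin access, which is a safe default but will surprise anyone who expects the flag to be enough. I would add a comment above the dict such as `# Deny-by-default CORS settings: list trusted origins explicitly; max_age is in seconds.` It is also worth stating there that `allow_credentials` should stay `False` unless `allow_origins` names specific trusted origins rather than a wildcard.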