diff --git a/geomagio/api/secure/app.py b/geomagio/api/secure/app.py
index 81aaacb1f848da335308e253ce8b202774da2613..753b9e3bca9ff2cdfe4cda7fb6bd50d882b3f00c 100644
--- a/geomagio/api/secure/app.py
+++ b/geomagio/api/secure/app.py
@@ -33,14 +33,6 @@ app.include_router(login_router)
 app.include_router(metadata_router)
 
 
-@app.middleware("http")
-async def add_headers(request: Request, call_next):
-    response = await call_next(request)
-    response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Cache-Control"] = "no-cache"
-    return response
-
-
 @app.get("/")
 async def index(request: Request, user: User = Depends(current_user)):
     """Route to demo user login."""
diff --git a/geomagio/api/ws/app.py b/geomagio/api/ws/app.py
index 56c4b8aafc0e73ddf5fc0c133c8bf91857292e0a..8d72e32611a4bc32b61ff595a46cdaa049183ef8 100644
--- a/geomagio/api/ws/app.py
+++ b/geomagio/api/ws/app.py
@@ -35,7 +35,11 @@ app.include_router(observatories.router)
 async def add_headers(request: Request, call_next):
     response = await call_next(request)
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Cache-Control"] = "864000"
+    response.headers["Access-Control-Allow-Methods"] = "*"
+    response.headers[
+        "Access-Control-Allow-Headers"
+    ] = "accept, origin, authorization, content-type"
+    response.headers["Cache-Control"] = "max-age=60"
     return response