diff --git a/config.example.yml b/config.example.yml
index 76cffb7..4b64841 100644
--- a/config.example.yml
+++ b/config.example.yml
@@ -6,4 +6,8 @@ cache:
   enable_locks: true
   java_status_duration: 1m
   bedrock_status_duration: 1m
-  icon_duration: 24h
\ No newline at end of file
+  icon_duration: 24h
+access_control:
+  enable: true
+  allowed_origins:
+    - '*'
\ No newline at end of file
diff --git a/src/config.go b/src/config.go
index 5a32340..8eda8f7 100644
--- a/src/config.go
+++ b/src/config.go
@@ -22,16 +22,18 @@ var (
 			BedrockStatusDuration: time.Minute,
 			IconDuration:          time.Minute * 15,
 		},
+		AccessControl: ConfigAccessControl{},
 	}
 )
 
 // Config represents the application configuration.
 type Config struct {
-	Environment string      `yaml:"environment"`
-	Host        string      `yaml:"host"`
-	Port        uint16      `yaml:"port"`
-	Redis       *string     `yaml:"redis"`
-	Cache       ConfigCache `yaml:"cache"`
+	Environment   string              `yaml:"environment"`
+	Host          string              `yaml:"host"`
+	Port          uint16              `yaml:"port"`
+	Redis         *string             `yaml:"redis"`
+	Cache         ConfigCache         `yaml:"cache"`
+	AccessControl ConfigAccessControl `yaml:"access_control"`
 }
 
 // ConfigCache represents the caching durations of various responses.
@@ -42,6 +44,12 @@ type ConfigCache struct {
 	IconDuration          time.Duration `yaml:"icon_duration"`
 }
 
+// ConfigAccessControl is the configuration for the CORS headers
+type ConfigAccessControl struct {
+	Enable         bool     `yaml:"enable"`
+	AllowedOrigins []string `yaml:"allowed_origins"`
+}
+
 // ReadFile reads the configuration from the given file and overrides values using environment variables.
 func (c *Config) ReadFile(file string) error {
 	data, err := os.ReadFile(file)
diff --git a/src/routes.go b/src/routes.go
index 4d35b7f..21df249 100644
--- a/src/routes.go
+++ b/src/routes.go
@@ -6,6 +6,7 @@ import (
 	"main/src/assets"
 	"net/http"
 	"strconv"
+	"strings"
 
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
@@ -25,11 +26,13 @@ func init() {
 		Data: assets.Favicon,
 	}))
 
-	app.Use(cors.New(cors.Config{
-		AllowOrigins:  "*",
-		AllowMethods:  "HEAD,OPTIONS,GET,POST",
-		ExposeHeaders: "X-Cache-Hit,X-Cache-Time-Remaining",
-	}))
+	if config.AccessControl.Enable {
+		app.Use(cors.New(cors.Config{
+			AllowOrigins:  strings.Join(config.AccessControl.AllowedOrigins, ","),
+			AllowMethods:  "HEAD,OPTIONS,GET,POST",
+			ExposeHeaders: "X-Cache-Hit,X-Cache-Time-Remaining",
+		}))
+	}
 
 	if config.Environment == "development" {
 		app.Use(logger.New(logger.Config{