How to enable CORS in lighttpd

Follow these steps to enable CORS in lighttpd…

Step 1, edit lighttpd.conf to enable mod_setenv

server.modules = (
“mod_setenv”, => Make sure mod_setenv enabled.

After enabling mod_setenv, add these lines to your vhost block.

setenv.add-response-header = (
“Access-Control-Allow-Origin” => “*”,
“Access-Control-Allow-Methods” => “HEAD, GET, OPTIONS”,
“Access-Control-Expose-Headers” => “Content-Range, Date, Etag, Cache-Control, Last-Modified”,
“Access-Control-Allow-Headers” => “Content-Type, Origin, Accept, Range, Cache-Control”,
“Access-Control-Max-Age” => “600”,
“Timing-Allow-Origin” => “*” )

You might want to change values in headers, according to your case.

Keep in mind, setenv.add-response-header is accepting array as argument, you can add any additional headers there, followed by a comma.

To verify CORS headers are present, go to and check response headers.