diff --git a/app/core/config.py b/app/core/config.py
index c07332b..ca6bc8c 100644
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -11,7 +11,13 @@ class Settings(BaseSettings):
     ROOT_PATH: str = ""  # For deployments behind proxies/subpaths, can be set via env var
     
     # CORS Settings
-    CORS_ORIGINS: List[str] = ["*"]  # Allow all origins for development
+    # List of allowed origins for CORS (Cross-Origin Resource Sharing)
+    CORS_ORIGINS: List[str] = [
+        "http://localhost",
+        "http://localhost:3000",
+        "http://localhost:8000", 
+        "https://exquisite-puppy-b0f53e.netlify.app"
+    ]
 
     @field_validator("CORS_ORIGINS", mode="before")
     @classmethod
diff --git a/main.py b/main.py
index a41765d..3ed41bd 100644
--- a/main.py
+++ b/main.py
@@ -18,10 +18,12 @@ app = FastAPI(
 # Set CORS middleware
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],  # Allow all origins for development
+    allow_origins=settings.CORS_ORIGINS,  # Use origins from settings
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
+    expose_headers=["*"],
+    max_age=600,  # Cache preflight requests for 10 minutes
 )
 
 # Include API router