diff --git a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
index 72db7c2a..d9ca01a5 100644
--- a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
+++ b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
@@ -21,7 +21,8 @@ protected void doFilterInternal(final HttpServletRequest request,
 response.setHeader("Access-Control-Allow-Credentials", "true");
 response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS");
 response.setHeader("Access-Control-Max-Age", "3600");
- response.setHeader("Access-Control-Allow-Headers", "*");
+ response.setHeader("Access-Control-Allow-Headers",
+ "Origin, X-Requested-With, Content-Type, Accept, Authorization, x-xsrf-token");
 response.setHeader("Access-Control-Expose-Headers", "Set-Cookie");
 ContentCachingRequestWrapper contentCachingRequestWrapper = new ContentCachingRequestWrapper(request);
 ContentCachingResponseWrapper contentCachingResponseWrapper = new ContentCachingResponseWrapper(response);
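Review bot: The new explicit list on the `Access-Control-Allow-Headers` line has no comment saying why `*` was dropped, so a later cleanup could easily put the wildcard back. With `Access-Control-Allow-Credentials: true`, browsers treat `*` in this header as a literal name, and `Authorization` is never covered by the wildcard. I would add `// Explicit list: "*" is not a wildcard for credentialed requests and never covers Authorization` above the call. The line that sets `Access-Control-Allow-Origin` is outside this hunk; because credentials are enabled, it is worth confirming that it matches the request origin against a fixed allow-list rather than echoing it, and that `Vary: Origin` is sent if the value varies. The body of doFilterInternal starts and ends outside the hunk.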