diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/ProctoringServlet.java b/src/main/java/ch/ethz/seb/sebserver/gui/ProctoringServlet.java
index 8701d755..de6c66ac 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/ProctoringServlet.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/ProctoringServlet.java
@@ -78,9 +78,17 @@ public class ProctoringServlet extends HttpServlet {
             log.error("Failed to get proctoring window script for data: {}", proctoringData);
             resp.getOutputStream().println("Failed to get proctoring window script");
         } else {
+            RAPConfiguration.setCORS(resp);
             resp.getOutputStream().println(script);
         }
+    }
 
+    @Override
+    protected void doOptions(final HttpServletRequest req, final HttpServletResponse resp)
+            throws ServletException, IOException {
+
+        RAPConfiguration.setCORS(resp);
+        resp.setStatus(HttpServletResponse.SC_OK);
     }
 
     private boolean isAuthenticated(
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java b/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
index 2a862ab0..9550f29f 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
@@ -121,9 +121,12 @@ public class RAPConfiguration implements ApplicationConfiguration {
                     final WebApplicationContext webApplicationContext = getWebApplicationContext(httpSession);
                     final boolean authenticated = isAuthenticated(httpSession, webApplicationContext);
                     if (authenticated) {
+
                         final EntryPointService entryPointService = webApplicationContext
                                 .getBean(EntryPointService.class);
                         entryPointService.loadProctoringView(parent);
+                        final HttpServletResponse response = RWT.getResponse();
+                        setCORS(response);
                     } else {
                         final HttpServletResponse response = RWT.getResponse();
                         response.setStatus(HttpStatus.FORBIDDEN.value());
@@ -133,6 +136,12 @@ public class RAPConfiguration implements ApplicationConfiguration {
         }
     }
 
+    public static final void setCORS(final HttpServletResponse resp) {
+        resp.addHeader("Access-Control-Allow-Origin", "*");
+        resp.setHeader("Access-Control-Allow-Methods", "GET");
+        resp.setHeader("Vary", "Origin");
+    }
+
     public static final class RAPSpringEntryPointFactory implements EntryPointFactory {
 
         private boolean initialized = false;