diff --git a/activate_account_project/settings/base.py b/activate_account_project/settings/base.py
index 87c8ef93b350ff3fa19fa254dce24c9dcebda14f..8ab67692855f310d13d6f9767d11c55326964083 100644
--- a/activate_account_project/settings/base.py
+++ b/activate_account_project/settings/base.py
@@ -4,6 +4,7 @@ from datetime import timedelta
 
 import externalsettings
 import structlog
+from corsheaders.defaults import default_headers
 
 from api.versions import AVAILABLE_VERSIONS
 
@@ -72,6 +73,7 @@ INSTALLED_APPS = [
     "django_filters",
     "drf_spectacular",
     "rest_framework",
+    "corsheaders",
     "knox",
     "activate_account",
     "api",
@@ -230,6 +232,7 @@ SPECTACULAR_SETTINGS = {
 # Allow all origins to access API.
 CORS_URLS_REGEX = r"^.*$"
 CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_HEADERS = (*default_headers, "X-Recaptcha-Token")
 
 SWAGGER_SETTINGS = {
     # Describe token authentication in swagger definition