diff --git a/activate_account_project/settings/base.py b/activate_account_project/settings/base.py
index f8493105007a1b64fae994591502d8b3f78cfaa3..b5d6996d81c8f77c32c57dd9f2546b04fc134018 100644
--- a/activate_account_project/settings/base.py
+++ b/activate_account_project/settings/base.py
@@ -4,6 +4,7 @@ from datetime import timedelta
 
 import externalsettings
 import structlog
+from corsheaders.defaults import default_headers
 
 from api.versions import AVAILABLE_VERSIONS
 
@@ -72,6 +73,7 @@ INSTALLED_APPS = [
     "django_filters",
     "drf_spectacular",
     "rest_framework",
+    "corsheaders",
     "knox",
     "activate_account",
     "api",
@@ -230,6 +232,7 @@ SPECTACULAR_SETTINGS = {
 # Allow all origins to access API.
 CORS_URLS_REGEX = r"^.*$"
 CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_HEADERS = (*default_headers, "X-Recaptcha-Token")
 
 SWAGGER_SETTINGS = {
     # Describe token authentication in swagger definition