diff --git a/volumes/conf.d/registry.zinomedia.de.conf b/volumes/conf.d/registry.zinomedia.de.conf
index 2ab3b46..8bb1257 100644
--- a/volumes/conf.d/registry.zinomedia.de.conf
+++ b/volumes/conf.d/registry.zinomedia.de.conf
@@ -29,6 +29,11 @@ server {
     chunked_transfer_encoding on;
 
     location /v2/ {
+        add_header Access-Control-Allow-Origin "https://registryui.zinomedia.de";
+        add_header Access-Control-Allow-Credentials "true";
+        add_header Access-Control-Allow-Headers "Authorization, Accept, Cache-Control";
+        add_header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE";
+
         # Do not allow connections from docker 1.5 and earlier
         # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
         if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
diff --git a/volumes/conf.d/registryui.zinomedia.de.conf b/volumes/conf.d/registryui.zinomedia.de.conf
index 7198085..7e11d0b 100644
--- a/volumes/conf.d/registryui.zinomedia.de.conf
+++ b/volumes/conf.d/registryui.zinomedia.de.conf
@@ -21,10 +21,6 @@ server {
 
     location / {
         add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src * 'unsafe-inline'; font-src * data:;" always;
-        add_header Access-Control-Allow-Origin "https://registry.zinomedia.de";
-        add_header Access-Control-Allow-Credentials "true";
-        add_header Access-Control-Allow-Headers "Authorization, Accept, Cache-Control";
-        add_header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE";
 
         resolver 127.0.0.11;
         set $upstream "http://registryui:80";