diff --git a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
index 72db7c2a..8cf3de08 100644
--- a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
+++ b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
@@ -21,7 +21,7 @@ protected void doFilterInternal(final HttpServletRequest request,
         response.setHeader("Access-Control-Allow-Credentials", "true");
         response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS");
         response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("Access-Control-Allow-Headers", "*");
+        response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept");
         response.setHeader("Access-Control-Expose-Headers", "Set-Cookie");
         ContentCachingRequestWrapper contentCachingRequestWrapper = new ContentCachingRequestWrapper(request);
         ContentCachingResponseWrapper contentCachingResponseWrapper = new ContentCachingResponseWrapper(response);