diff --git a/src/main/java/com/aida/gateway/filter/CorsResponseFilter.java b/src/main/java/com/aida/gateway/filter/CorsResponseFilter.java
new file mode 100644
index 0000000..6b043a8
--- /dev/null
+++ b/src/main/java/com/aida/gateway/filter/CorsResponseFilter.java
@@ -0,0 +1,33 @@
+package com.aida.gateway.filter;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+@Component
+@Order(Ordered.LOWEST_PRECEDENCE)
+@Slf4j
+public class CorsResponseFilter implements WebFilter {
+
+ @Override
+ public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
+ return chain.filter(exchange).doOnSuccess(aVoid -> {
+ String origin = exchange.getRequest().getHeaders().getFirst("Origin");
+ log.debug("Setting CORS headers for Origin: {}", origin);
+
+ exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
+ origin != null ? origin : "*");
+ exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS,
+ "GET, POST, PUT, DELETE, OPTIONS, PATCH");
+ exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
+ exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
+ exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
+ });
+ }
+}
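Review bot: The filter copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and also sets `Access-Control-Allow-Credentials: true`, so any website a logged-in user visits can make credentialed requests through the gateway and read the responses. The origin should be compared against a configured allow-list of exact origins before it is reflected, with `Vary: Origin` added and no CORS headers emitted on a mismatch; the `"*"` fallback is rejected by browsers when credentials are allowed, and `Access-Control-Allow-Headers: *` is treated as a literal header name on credentialed requests, so explicit header names are needed there. Separately, the headers are set in `doOnSuccess`, after the chain has completed, when the response has probably already been committed; registering the change with `beforeCommit` avoids that. The sketch below replaces the body of `filter` and assumes an `allowedOrigins` set injected from configuration, a name that is not in this commit.

```java
        String origin = exchange.getRequest().getHeaders().getFirst(HttpHeaders.ORIGIN);
        // allowedOrigins: exact trusted origins from configuration (placeholder name)
        if (origin != null && allowedOrigins.contains(origin)) {
            exchange.getResponse().beforeCommit(() -> {
                HttpHeaders headers = exchange.getResponse().getHeaders();
                headers.set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
                // Keeps shared caches from serving one origin's response to another.
                headers.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);
                headers.set(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
                // … unchanged: Allow-Methods and Max-Age headers …
                return Mono.empty();
            });
        }
        return chain.filter(exchange);
```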