diff --git a/cors.go b/cors.go
index a863df6..566f31c 100644
--- a/cors.go
+++ b/cors.go
@@ -1,28 +1,20 @@
 package main
 
 import (
+	"log"
+
 	"github.com/gin-gonic/gin"
 )
 
-// this function is aborded
-func corsMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// set cors header
-		header := c.Request.Header
-		if header.Get("Access-Control-Allow-Origin") == "" {
-			c.Header("Access-Control-Allow-Origin", "*")
-		}
-		if header.Get("Access-Control-Allow-Methods") == "" {
-			c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, PATCH")
-		}
-		if header.Get("Access-Control-Allow-Headers") == "" {
-			c.Header("Access-Control-Allow-Headers", "Origin, Authorization, Content-Type")
-		}
+func sendCORSHeaders(c *gin.Context) {
+	log.Println("sendCORSHeaders")
+	if c.Writer.Header().Get("Access-Control-Allow-Origin") == "" {
+		c.Header("Access-Control-Allow-Origin", "*")
+	}
+	if c.Writer.Header().Get("Access-Control-Allow-Methods") == "" {
+		c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, PATCH")
+	}
+	if c.Writer.Header().Get("Access-Control-Allow-Headers") == "" {
+		c.Header("Access-Control-Allow-Headers", "Origin, Authorization, Content-Type")
 	}
 }
-
-func sendCORSHeaders(c *gin.Context) {
-	c.Header("Access-Control-Allow-Origin", "*")
-	c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, PATCH")
-	c.Header("Access-Control-Allow-Headers", "Origin, Authorization, Content-Type")
-}
diff --git a/main.go b/main.go
index 52b4484..37bb864 100644
--- a/main.go
+++ b/main.go
@@ -13,6 +13,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/penglongli/gin-metrics/ginmetrics"
 	"gorm.io/driver/postgres"
+
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"
 )
diff --git a/process.go b/process.go
index 4b3701c..86bd07d 100644
--- a/process.go
+++ b/process.go
@@ -136,16 +136,13 @@ func processRequest(c *gin.Context, upstream *OPENAI_UPSTREAM, record *Record, s
 		record.ResponseTime = time.Since(record.CreatedAt)
 		record.Status = r.StatusCode
 
-		// handle reverse proxy cors header if upstream do not set that
-		if r.Header.Get("Access-Control-Allow-Origin") == "" {
-			c.Header("Access-Control-Allow-Origin", "*")
-		}
-		if r.Header.Get("Access-Control-Allow-Methods") == "" {
-			c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, PATCH")
-		}
-		if r.Header.Get("Access-Control-Allow-Headers") == "" {
-			c.Header("Access-Control-Allow-Headers", "Origin, Authorization, Content-Type")
-		}
+		// remove response's cors headers
+		r.Header.Del("Access-Control-Allow-Origin")
+		r.Header.Del("Access-Control-Allow-Methods")
+		r.Header.Del("Access-Control-Allow-Headers")
+		r.Header.Del("access-control-allow-origin")
+		r.Header.Del("access-control-allow-methods")
+		r.Header.Del("access-control-allow-headers")
 
 		if !shouldResponse && r.StatusCode != 200 {
 			log.Println("[proxy.modifyResponse]: upstream return not 200 and should not response", r.StatusCode)
@@ -163,6 +160,8 @@ func processRequest(c *gin.Context, upstream *OPENAI_UPSTREAM, record *Record, s
 			record.Status = r.StatusCode
 			return errRet
 		}
+		// handle reverse proxy cors header if upstream do not set that
+		sendCORSHeaders(c)
 		// count success
 		r.Body = io.NopCloser(io.TeeReader(r.Body, &buf))
 		contentType = r.Header.Get("content-type")