diff --git a/README.md b/README.md
index 2d03ae2..f5c43eb 100644
--- a/README.md
+++ b/README.md
@@ -126,12 +126,11 @@ gateway:
   disableDisplayRouteOnStart: false
   # Proxy Global HTTP Cors
   cors:
-    # Cors origins are global for all routes
+    # Global routes cors for all routes
     origins:
       - https://example.com
-      - https://dev.example.com
-      - http://localhost:80
-    # Allowed headers are global for all routes
+      - https://auth.example.com
+    # Global routes cors headers for all routes
     headers:
       Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
       Access-Control-Allow-Credentials: 'true'
@@ -141,7 +140,7 @@ gateway:
     # Example of a route | 1
     - name: Store
       # host Domain/host based request routing
-      host: localhost
+      host: dev.example.com
       path: /store
       ## Rewrite a request path
       # e.g rewrite: /store to /
@@ -153,8 +152,13 @@ gateway:
       disableHeaderXForward: false
       # Internal health check
       healthCheck: /internal/health/ready
-      # Proxy route HTTP Cors
+      # Route Cors, global cors will be overridden by route
       cors:
+        # Route Origins Cors, global cors will be overridden by route
+        origins:
+          - https://dev.example.com
+          - http://localhost:3000
+        # Route Cors headers, global cors will be overridden by route
         headers:
           Access-Control-Allow-Methods: 'GET'
           Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
diff --git a/goma.yml b/goma.yml
index 5b846a8..97afa89 100644
--- a/goma.yml
+++ b/goma.yml
@@ -20,12 +20,11 @@ gateway:
   disableDisplayRouteOnStart: false
   # Proxy Global HTTP Cors
   cors:
-    # Cors origins are global for all routes
+    # Global routes cors for all routes
     origins:
       - https://example.com
-      - https://dev.example.com
-      - http://localhost:80
-    # Allowed headers are global for all routes
+      - https://auth.example.com
+    # Global routes cors headers for all routes
     headers:
       Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
       Access-Control-Allow-Credentials: 'true'
@@ -35,7 +34,7 @@ gateway:
     # Example of a route | 1
     - name: Store
     # host Domain/host based request routing
-      host: localhost
+      host: dev.example.com
       path: /store
       ## Rewrite a request path
       # e.g rewrite: /store to /
@@ -47,8 +46,13 @@ gateway:
       disableHeaderXForward: false
       # Internal health check
       healthCheck: /internal/health/ready
-      # Proxy route HTTP Cors
+      # Route Cors, global cors will be overridden by route
       cors:
+        # Route Origins Cors, global cors will be overridden by route
+        origins:
+          - https://dev.example.com
+          - http://localhost:3000
+        # Route Cors headers, global cors will be overridden by route
         headers:
           Access-Control-Allow-Methods: 'GET'
           Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
diff --git a/pkg/config.go b/pkg/config.go
index 210989f..5c592c9 100644
--- a/pkg/config.go
+++ b/pkg/config.go
@@ -262,7 +262,14 @@ func initConfig(configFile string) {
 					Rewrite:     "/",
 					HealthCheck: "",
 					Blocklist:   []string{},
-					Cors:        Cors{},
+					Cors: Cors{
+						Origins: []string{"http://localhost:3000", "https://dev.example.com"},
+						Headers: map[string]string{
+							"Access-Control-Allow-Headers":     "Origin, Authorization",
+							"Access-Control-Allow-Credentials": "true",
+							"Access-Control-Max-Age":           "1728000",
+						},
+					},
 					Middlewares: []RouteMiddleware{
 						{
 							Path:  "/user",