diff --git a/functions.php b/functions.php
index 341c084..8491809 100644
--- a/functions.php
+++ b/functions.php
@@ -1,30 +1,5 @@
 <?php
 
-/**
- *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
- *  origin.
- *
- *  In a production environment, you probably want to be more restrictive, but this gives you
- *  the general idea of what is involved.  For the nitty-gritty low-down, read:
- *
- *  - https://developer.mozilla.org/en/HTTP_access_control
- *  - https://fetch.spec.whatwg.org/#http-cors-protocol
- *
- */
-function cors() {
-	// Allow from any origin
-	header("Access-Control-Allow-Origin: *");
-	header('Access-Control-Max-Age: 86400');    // cache for 1 day
-	header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
-	header("Access-Control-Request-Headers: content-type");
-	// Access-Control headers are received during OPTIONS requests
-	if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-//		header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
-//		header("Access-Control-Request-Headers: content-type");
-		exit(0);
-	}
-}
-
 function return_success() {
 	return json_encode(['status' => 'success', 'message' => 'OK']);
 }
diff --git a/webhook.php b/webhook.php
index f0da669..cd5027d 100644
--- a/webhook.php
+++ b/webhook.php
@@ -2,7 +2,16 @@
 include 'config.php';
 include 'functions.php';
 
-cors();
+// CORS
+header("Access-Control-Allow-Origin: *");
+header('Access-Control-Max-Age: 86400');    // cache for 1 day
+if (strtolower($_SERVER['REQUEST_METHOD']) == 'options') {
+	http_response_code(204);
+	header("Access-Control-Allow-Headers: origin, content-type, accept");
+	header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+	header("Access-Control-Allow-Private-Network: true");
+	exit(0);
+}
 
 // Read the raw POST data
 $data = json_decode(file_get_contents('php://input'), true)