diff --git a/exam/classes/Auth/AdminAuth.php b/exam/classes/Auth/AdminAuth.php
index e7e9eca..8c353bb 100644
--- a/exam/classes/Auth/AdminAuth.php
+++ b/exam/classes/Auth/AdminAuth.php
@@ -16,17 +16,35 @@ class AdminAuth implements IMiddleware
 
     // No token
     if ($token === null) {
-      Response::response()->httpCode(401)->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
+      Response::response()
+        ->header("Cache-control: no-cache")
+        ->header("Access-Control-Allow-Origin: *")
+        ->header("Access-Control-Allow-Methods: *")
+        ->header("Access-Control-Allow-Headers: *")
+        ->httpCode(401)
+        ->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
     }
 
     try {
       $user = User::getByToken($token);
       if (!$user->getIsAdmin()) {
-        Response::response()->httpCode(401)->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
+        Response::response()
+          ->header("Cache-control: no-cache")
+          ->header("Access-Control-Allow-Origin: *")
+          ->header("Access-Control-Allow-Methods: *")
+          ->header("Access-Control-Allow-Headers: *")
+          ->httpCode(401)
+          ->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
       }
     } catch (Exception $err) {
       // No user with this token exists
-      Response::response()->httpCode(401)->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
+      Response::response()
+        ->header("Cache-control: no-cache")
+        ->header("Access-Control-Allow-Origin: *")
+        ->header("Access-Control-Allow-Methods: *")
+        ->header("Access-Control-Allow-Headers: *")
+        ->httpCode(401)
+        ->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
     }
   }
 }
diff --git a/exam/classes/Auth/Auth.php b/exam/classes/Auth/Auth.php
index eef37cc..baff77e 100644
--- a/exam/classes/Auth/Auth.php
+++ b/exam/classes/Auth/Auth.php
@@ -16,14 +16,26 @@ class Auth implements IMiddleware
 
     // No token
     if ($token === null) {
-      Response::response()->httpCode(401)->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
+      Response::response()
+        ->header("Cache-control: no-cache")
+        ->header("Access-Control-Allow-Origin: *")
+        ->header("Access-Control-Allow-Methods: *")
+        ->header("Access-Control-Allow-Headers: *")
+        ->httpCode(401)
+        ->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
     }
 
     try {
       User::getByToken($token);
     } catch (Exception $err) {
       // No user with this token exists
-      Response::response()->httpCode(401)->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
+      Response::response()
+        ->header("Cache-control: no-cache")
+        ->header("Access-Control-Allow-Origin: *")
+        ->header("Access-Control-Allow-Methods: *")
+        ->header("Access-Control-Allow-Headers: *")
+        ->httpCode(401)
+        ->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
     }
   }
 }
diff --git a/exam/classes/Auth/OptAuth.php b/exam/classes/Auth/OptAuth.php
index 1a0964d..8f2b9f5 100644
--- a/exam/classes/Auth/OptAuth.php
+++ b/exam/classes/Auth/OptAuth.php
@@ -23,7 +23,13 @@ class OptAuth implements IMiddleware
       User::getByToken($token);
     } catch (Exception $err) {
       // No user with this token exists
-      Response::response()->httpCode(401)->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
+      Response::response()
+        ->header("Cache-control: no-cache")
+        ->header("Access-Control-Allow-Origin: *")
+        ->header("Access-Control-Allow-Methods: *")
+        ->header("Access-Control-Allow-Headers: *")
+        ->httpCode(401)
+        ->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
     }
   }
 }