diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 0beff42d83daacf789bcd16dc2121aed9a86ed6e..2146a1f8600819cc123a0e54bc1ff2d1185d296b 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace Config;
 
+use App\Filters\AllowCorsFilter;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
@@ -12,7 +13,6 @@ use CodeIgniter\Filters\InvalidChars;
 use CodeIgniter\Filters\SecureHeaders;
 use Modules\Api\Rest\V1\Filters\ApiFilter;
 use Modules\Auth\Filters\PermissionFilter;
-use Modules\Fediverse\Filters\AllowCorsFilter;
 use Modules\Fediverse\Filters\FediverseFilter;
 use Modules\PremiumPodcasts\Filters\PodcastUnlockFilter;
 
diff --git a/modules/Fediverse/Filters/AllowCorsFilter.php b/app/Filters/AllowCorsFilter.php
similarity index 77%
rename from modules/Fediverse/Filters/AllowCorsFilter.php
rename to app/Filters/AllowCorsFilter.php
index 3ed0f9489a393cbd0144e3b828baed123344bc83..7edc2b6e96a67292d3747f8cbbe1f285f6e949d8 100644
--- a/modules/Fediverse/Filters/AllowCorsFilter.php
+++ b/app/Filters/AllowCorsFilter.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Modules\Fediverse\Filters;
+namespace App\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
 use CodeIgniter\HTTP\RequestInterface;
@@ -17,11 +17,13 @@ class AllowCorsFilter implements FilterInterface
 
     public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
     {
+        if (! $response->hasHeader('Cache-Control')) {
+            $response->setHeader('Cache-Control', 'public, max-age=86400');
+        }
+
         $response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
             ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
             ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
-            ->setHeader('Access-Control-Max-Age', '86400')
-            ->setHeader('Cache-Control', 'public, max-age=86400')
-            ->setStatusCode(200);
+            ->setHeader('Access-Control-Max-Age', '86400');
     }
 }
diff --git a/modules/Media/Config/Routes.php b/modules/Media/Config/Routes.php
index eb89c80d1da9ac3cf3cc6a374d4d63b29331db80..1c7ba01e39f3cf715adcf48434674470e978fe4a 100644
--- a/modules/Media/Config/Routes.php
+++ b/modules/Media/Config/Routes.php
@@ -13,4 +13,5 @@ $routes = service('routes');
 $routes->get('static/(:any)', 'MediaController::serve/$1', [
     'as'        => 'media-serve',
     'namespace' => 'Modules\Media\Controllers',
+    'filter'    => 'allow-cors',
 ]);