diff --git a/docker/nginx/vhost.conf b/docker/nginx/vhost.conf
index 6242b51e..04eda541 100644
--- a/docker/nginx/vhost.conf
+++ b/docker/nginx/vhost.conf
@@ -3,6 +3,10 @@ server {
     listen 0.0.0.0:80;
     root /srv/app/public;
 
+    # Sent empty access control header
+    # If we don't sent this empty header Datapunt loadballancer will add an Access-Control-Allow-Origin: * header, which is a security risk
+    add_header Access-Control-Allow-Origin " ";
+
     location / {
         try_files $uri /index.php$is_args$args;
     }
@@ -33,6 +37,10 @@ server {
 
     root /srv/app/public;
 
+    # Sent empty access control header
+    # If we don't sent this empty header Datapunt loadballancer will add an Access-Control-Allow-Origin: * header, which is a security risk
+    add_header Access-Control-Allow-Origin " ";
+
     ssl on;
 
     ssl_certificate /srv/localhost.crt;