diff --git a/api.planx.uk/modules/ordnanceSurvey/middleware.ts b/api.planx.uk/modules/ordnanceSurvey/middleware.ts
deleted file mode 100644
index 5b9d68cbf7..0000000000
--- a/api.planx.uk/modules/ordnanceSurvey/middleware.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-import cors, { CorsOptions } from "cors";
-import { RequestHandler } from "express";
-import { ServerError } from "../../errors";
-
-const MAP_ALLOWLIST: RegExp[] = [
- // Local development
- /^http:\/\/(127\.0\.0\.1|localhost):(3000|5173|6006|7007)$/i,
- // Documentation
- /^https:\/\/.*\.netlify\.app$/i,
- // PlanX
- /^https:\/\/.*planx\.(pizza|dev|uk)$/i,
- // Custom domains
- /^https:\/\/.*(\.gov\.uk)$/i,
-];
-
-const checkAllowedOrigins: CorsOptions["origin"] = (origin, callback) => {
- const isAllowed =
- origin && MAP_ALLOWLIST.some((pattern) => pattern.test(origin));
-
- console.log("***************");
- console.log("***************");
- console.log("***************");
- console.log({ origin });
- console.log({ isAllowed });
- console.log("***************");
- console.log("***************");
- console.log("***************");
-
- !origin || isAllowed
- ? callback(null, true)
- : callback(new ServerError({ status: 401, message: "Unauthorised" }));
-};
-
-/**
- * Overwrite CORS options for OS Proxy endpoint
- * This endpoint is accessed from different origins to the rest of the API
- */
-export const osProxyCORS: RequestHandler = cors({
- credentials: true,
- methods: "*",
- origin: checkAllowedOrigins,
- allowedHeaders: [
- "Accept",
- "Authorization",
- "Content-Type",
- "Origin",
- "X-Requested-With",
- ],
-});
diff --git a/api.planx.uk/modules/ordnanceSurvey/ordnanceSurvey.test.ts b/api.planx.uk/modules/ordnanceSurvey/ordnanceSurvey.test.ts
index 967cdc240a..c0f33542d3 100644
--- a/api.planx.uk/modules/ordnanceSurvey/ordnanceSurvey.test.ts
+++ b/api.planx.uk/modules/ordnanceSurvey/ordnanceSurvey.test.ts
@@ -57,76 +57,6 @@ describe("Ordnance Survey proxy endpoint", () => {
 });
 });
 });
-
- describe("CORS functionality", () => {
- it("blocks requests which are not from a valid referrer", async () => {
- await get(ENDPOINT + TILE_PATH)
- .set({ origin: "https://www.invalid-site.com" })
- .expect(401)
- .then((response) => {
- expect(response.body).toEqual({
- error: "Unauthorised",
- });
- });
- });
-
- it("allows requests from allow-listed URLs", async () => {
- nock(OS_DOMAIN)
- .get(TILE_PATH)
- .query({ key: process.env.ORDNANCE_SURVEY_API_KEY })
- .reply(200, { test: "returned tile" });
-
- await get(ENDPOINT + TILE_PATH)
- .set({ origin: "https://oslmap.netlify.app" })
- .expect(200)
- .then((response) => {
- expect(response.body).toEqual({
- test: "returned tile",
- });
- expect(response.headers["cross-origin-resource-policy"]).toEqual(
- "cross-origin",
- );
- });
- });
-
- it("allows requests from PlanX", async () => {
- nock(OS_DOMAIN)
- .get(TILE_PATH)
- .query({ key: process.env.ORDNANCE_SURVEY_API_KEY })
- .reply(200, { test: "returned tile" });
-
- await get(ENDPOINT + TILE_PATH)
- .set({ origin: "https://www.planx.dev" })
- .expect(200)
- .then((response) => {
- expect(response.body).toEqual({
- test: "returned tile",
- });
- expect(response.headers["cross-origin-resource-policy"]).toEqual(
- "cross-origin",
- );
- });
- });
-
- it("allows requests from custom domains", async () => {
- nock(OS_DOMAIN)
- .get(TILE_PATH)
- .query({ key: process.env.ORDNANCE_SURVEY_API_KEY })
- .reply(200, { test: "returned tile" });
-
- await get(ENDPOINT + TILE_PATH)
- .set({ origin: "https://planningservices.buckinghamshire.gov.uk" })
- .expect(200)
- .then((response) => {
- expect(response.body).toEqual({
- test: "returned tile",
- });
- expect(response.headers["cross-origin-resource-policy"]).toEqual(
- "cross-origin",
- );
- });
- });
- });
 });
 
 describe("appendAPIKey helper function", () => {
diff --git a/api.planx.uk/modules/ordnanceSurvey/routes.ts b/api.planx.uk/modules/ordnanceSurvey/routes.ts
index 1d1f88489d..b8f5204c94 100644
--- a/api.planx.uk/modules/ordnanceSurvey/routes.ts
+++ b/api.planx.uk/modules/ordnanceSurvey/routes.ts
@@ -1,9 +1,8 @@
 import { Router } from "express";
 import { useOrdnanceSurveyProxy } from "./controller";
-import { osProxyCORS } from "./middleware";
 
 const router = Router();
 
-router.use("/proxy/ordnance-survey", osProxyCORS, useOrdnanceSurveyProxy);
+router.use("/proxy/ordnance-survey", useOrdnanceSurveyProxy);
 
 export default router;
diff --git a/api.planx.uk/server.ts b/api.planx.uk/server.ts
index 8c95c29f04..14768d6144 100644
--- a/api.planx.uk/server.ts
+++ b/api.planx.uk/server.ts
@@ -43,8 +43,9 @@ const checkAllowedOrigins: CorsOptions["origin"] = (origin, callback) => {
 const isDevelopment = process.env.APP_ENVIRONMENT === "development";
 const allowList = process.env.CORS_ALLOWLIST?.split(", ") || [];
 const isAllowed = Boolean(origin && allowList.includes(origin));
+ const isMapDocs = Boolean(origin?.endsWith("oslmap.netlify.app"));
 
- !origin || isTest || isDevelopment || isAllowed
+ !origin || isTest || isDevelopment || isAllowed || isMapDocs
 ? callback(null, true)
 : callback(new Error("Not allowed by CORS"));
 };
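Review bot: Dropping `osProxyCORS` from the `router.use` line leaves `/proxy/ordnance-survey` on the app-level CORS policy alone, but the deleted middleware admitted `*.planx.(pizza|dev|uk)` and `*.gov.uk` custom-domain origins by regex, and the app-level check in server.ts is an exact-match `CORS_ALLOWLIST`, so a custom-domain deployment that is not listed there will now be rejected where it was previously served. If that is intended, a one-line comment on the route would save the next reader a search, e.g. `// CORS for this proxy is the app-level policy in server.ts (CORS_ALLOWLIST + the oslmap docs origin)`. The deleted config also set `credentials: true` and an explicit `allowedHeaders` list; the app-level cors() options are outside this diff, so it is worth confirming the embedded-map clients still get the headers they need. The custom-domain and PlanX origin tests removed from ordnanceSurvey.test.ts have no app-level replacement in this commit.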
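Review bot: `origin?.endsWith("oslmap.netlify.app")` on the new `isMapDocs` line is a string-suffix test rather than an origin comparison: it does not pin the scheme and it matches any host name that merely ends in those characters, so it admits more than the single documentation site it is meant to cover, and this value feeds the global CORS origin callback. Compare the full origin exactly, `const isMapDocs = origin === "https://oslmap.netlify.app";`, or drop the special case and add that origin to `CORS_ALLOWLIST`, which the line above already matches exactly. The enclosing `checkAllowedOrigins` starts outside the hunk, so I cannot see whether the cors() options send credentials; if they do, exactness matters more. A server-level test for the documentation origin would restore the coverage the deleted ordnanceSurvey.test.ts cases provided.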