diff --git a/Classes/Http/CorsHeaderMiddleware.php b/Classes/Http/CorsHeaderMiddleware.php
index b05fb3f..647a325 100644
--- a/Classes/Http/CorsHeaderMiddleware.php
+++ b/Classes/Http/CorsHeaderMiddleware.php
@@ -319,6 +319,8 @@ private function areHeadersAllowed(array $headers): bool
         if ($this->allowedHeadersAll || $this->allowedHeaders === []) {
             return true;
         }
+        // each header may comma seperated itself
+        $headers = array_merge(...array_map(fn(string $line) => explode(',' , $line), $headers));
         foreach ($headers as $header) {
             if (!in_array($header, $this->allowedHeaders, true)) {
                 return false;