diff --git a/docs/setup/cors.md b/docs/setup/cors.md
new file mode 100644
index 00000000..53357934
--- /dev/null
+++ b/docs/setup/cors.md
@@ -0,0 +1,17 @@
+# CORS
+
+Cross-original resource sharing
+
+> **External Access**
+> By default Cachet can be accessed by any third-party server.
+
+You may configure your Cachet installation for CORS very easily. To blacklist everybody except one or more domains:
+
+- Login to your Dashboard
+- Go to the Settings panel
+- Click on Security
+- You'll see a Allowed domains textarea, fill in any domains that you
+  want to access the API as a comma separated list:
+
+> _Text_
+> https://demo.cachethq.io,https://status.cachethq.io