diff --git a/pkg/base/cors.go b/pkg/base/cors.go
index 863df70..70269ff 100644
--- a/pkg/base/cors.go
+++ b/pkg/base/cors.go
@@ -16,6 +16,14 @@ var (
 		"Access-Control-Allow-Headers: Content-Type\r\n"
 )
 
+func AddCorsHeaders2HlsIfNeeded(w http.ResponseWriter) {
+	// TODO(chef): [opt] 为其他协议也增加配置项 202308
+
+	if AddCors2HlsFlag {
+		AddCorsHeaders(w)
+	}
+}
+
 func AddCorsHeaders(w http.ResponseWriter) {
 	w.Header().Set("Access-Control-Allow-Credentials", "true")
 	w.Header().Set("Access-Control-Allow-Origin", "*")
diff --git a/pkg/base/var.go b/pkg/base/var.go
index c480b2b..c9d409c 100644
--- a/pkg/base/var.go
+++ b/pkg/base/var.go
@@ -11,3 +11,6 @@ package base
 import "github.com/q191201771/naza/pkg/nazalog"
 
 var Log = nazalog.GetGlobalLogger()
+
+// AddCors2HlsFlag 是否为hls增加跨域相关的http header
+var AddCors2HlsFlag = true
diff --git a/pkg/hls/server_handler.go b/pkg/hls/server_handler.go
index c8fa0a4..5b707c0 100644
--- a/pkg/hls/server_handler.go
+++ b/pkg/hls/server_handler.go
@@ -108,7 +108,7 @@ func (s *ServerHandler) ServeHTTPWithUrlCtx(resp http.ResponseWriter, req *http.
 				query.Set("session_id", session.sessionIdHash)
 				redirectUrl := urlObj.Path + "?" + query.Encode()
 				resp.Header().Add("Cache-Control", "no-cache")
-				base.AddCorsHeaders(resp)
+				base.AddCorsHeaders2HlsIfNeeded(resp)
 				http.Redirect(resp, req, redirectUrl, http.StatusFound)
 				return
 			}
@@ -146,7 +146,7 @@ func (s *ServerHandler) ServeHTTPWithUrlCtx(resp http.ResponseWriter, req *http.
 		resp.Header().Add("Server", base.LalHlsTsServer)
 	}
 	resp.Header().Add("Cache-Control", "no-cache")
-	base.AddCorsHeaders(resp)
+	base.AddCorsHeaders2HlsIfNeeded(resp)
 
 	if sessionIdHash != "" {
 		session := s.getSubSession(sessionIdHash)