diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2540d23408..c88f1a1ea3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ Our versioning strategy is as follows:
 * `[templates/nextjs]` Enable client-only BYOC component imports. Client-only components can be imported through src/byoc/index.client.ts. Hybrid (server render with client hydration) components can be imported through src/byoc/index.hybrid.ts. BYOC scaffold logic is also moved from nextjs-sxa addon into base template ([#1628](https://github.com/Sitecore/jss/pull/1628)[#1636](https://github.com/Sitecore/jss/pull/1636))
 * `[templates/nextjs]` Import SitecoreForm component into sample nextjs app ([#1628](https://github.com/Sitecore/jss/pull/1628))
 * `[sitecore-jss-nextjs]` (Vercel/Sitecore) Deployment Protection Bypass support for editing integration. ([#1634](https://github.com/Sitecore/jss/pull/1634))
+* `[templates/nextjs]` Fix custom headers. Now in cors-header plugin extends custom headers from next.config.js file. ([#1637](https://github.com/Sitecore/jss/pull/1637))
 
 ### 🐛 Bug Fixes
 
diff --git a/packages/create-sitecore-jss/src/templates/nextjs/src/lib/next-config/plugins/cors-header.js b/packages/create-sitecore-jss/src/templates/nextjs/src/lib/next-config/plugins/cors-header.js
index b8f6385210..310c02def8 100644
--- a/packages/create-sitecore-jss/src/templates/nextjs/src/lib/next-config/plugins/cors-header.js
+++ b/packages/create-sitecore-jss/src/templates/nextjs/src/lib/next-config/plugins/cors-header.js
@@ -9,7 +9,9 @@ const corsHeaderPlugin = (nextConfig = {}) => {
   }
   return Object.assign({}, nextConfig, {
     async headers() {
+      const extendHeaders = typeof nextConfig.headers === "function" ? await nextConfig.headers() : [];
       return [
+        ...await extendHeaders,
         {
           source: '/_next/:path*',
           headers: [{ key: 'Access-Control-Allow-Origin', value: config.sitecoreApiHost }],