diff --git a/sample-proxies/cors/README.md b/sample-proxies/cors/README.md
new file mode 100644
index 00000000..88520257
--- /dev/null
+++ b/sample-proxies/cors/README.md
@@ -0,0 +1,56 @@
+#CORS Implementation
+
+This sample demonstrates how you can use the CORS policy to
+support browsers CORS request.
+
+Cross-Origin Resource Sharing (CORS) is a W3C spec that allows cross-domain communication from the browser.
+By building on top of the XMLHttpRequest object, CORS allows developers to work with the same idioms as same-domain requests.
+
+The use-case for CORS is simple.
+Imagine the site abc.com has some data that the site xyz.com wants to access. This type of request traditionally wouldn’t be allowed under the browser’s same origin policy.
+However, by supporting CORS requests, abc.com can add a few special response headers that allows xyz.com to access the data.
+
+As you can see from this example, CORS support requires coordination between both the server and client.
+In the Add-CORS policy , there is a Access-Control-Allow-Headers where we have added an additional entry 'X-Custom-CORS' apart from standard Allow Headers .
+
+
+
+# Configure
+
+Update `/setup/setenv.sh` with your environment details
+
+# Import and deploy sample project
+
+To deploy, run `$ sh deploy.sh`
+
+To test via curl, run `$ sh invoke.sh`
+
+Additionally you can test CORS with javascript.
+Please edit the index.html file and look for org and env variable . Change it with your settings.
+
+Put it in any web server and access it as
+http://localhost/demo/index.html
+
+
+Trace the functionality in API Management Portal .
+You will see two requests - The first one being the OPTIONS request and then the GET request.
+Look for Origin Header , OPTION request and some response headers set by OPTIONS request.
+
+
+# Get help
+
+For assistance, post to the [Apigee Developer Forum](http://support.apigee.com)
+
+Copyright © 2013 Apigee Corporation
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy
+of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/sample-proxies/cors/apiproxy/.DS_Store b/sample-proxies/cors/apiproxy/.DS_Store
new file mode 100644
index 00000000..d5745d79
Binary files /dev/null and b/sample-proxies/cors/apiproxy/.DS_Store differ
diff --git a/sample-proxies/cors/apiproxy/CORS.xml b/sample-proxies/cors/apiproxy/CORS.xml
new file mode 100755
index 00000000..77522b69
--- /dev/null
+++ b/sample-proxies/cors/apiproxy/CORS.xml
@@ -0,0 +1,3 @@
+ + +
diff --git a/sample-proxies/cors/apiproxy/policies/Add-CORS.xml b/sample-proxies/cors/apiproxy/policies/Add-CORS.xml
new file mode 100644
index 00000000..47121552
--- /dev/null
+++ b/sample-proxies/cors/apiproxy/policies/Add-CORS.xml
@@ -0,0 +1,15 @@
+ + + Add-CORS + + + + +
*
+
origin, x-requested-with, accept,X-Custom-CORS
+
GET, PUT, POST, DELETE
+
+
+ true + +
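Review bot: The first header value set by this policy is `*`; the header names were stripped from this rendering, but from the README and the order of the values it is presumably Access-Control-Allow-Origin, which lets a page on any origin read these responses. That is acceptable for a public, unauthenticated demo, but samples get copied, so I would put a comment above that header such as `<!-- Demo only: "*" allows every origin; replace with an allowlist of known origins before protecting real data -->`. Browsers also reject a wildcard origin on credentialed requests, so an API that later adds cookies or HTTP auth needs to check the request Origin against an allowlist and return that single origin together with `Vary: Origin`.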
diff --git a/sample-proxies/cors/apiproxy/policies/ContentListings.xml b/sample-proxies/cors/apiproxy/policies/ContentListings.xml new file mode 100755 index 00000000..d68f97d8 --- /dev/null +++ b/sample-proxies/cors/apiproxy/policies/ContentListings.xml @@ -0,0 +1,7 @@ + + + ContentListings + + + jsc://contentlisting.js + diff --git a/sample-proxies/cors/apiproxy/proxies/default.xml b/sample-proxies/cors/apiproxy/proxies/default.xml new file mode 100755 index 00000000..11473ece --- /dev/null +++ b/sample-proxies/cors/apiproxy/proxies/default.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + ContentListings + + + (proxy.pathsuffix MatchesPath "/content-listing") and (request.verb = "GET") + + + + + + + + add-cors + + + + + + + + + + /v1/cors + + default + secure + + + diff --git a/sample-proxies/cors/apiproxy/resources/jsc/contentlisting.js b/sample-proxies/cors/apiproxy/resources/jsc/contentlisting.js new file mode 100644 index 00000000..b4316976 --- /dev/null +++ b/sample-proxies/cors/apiproxy/resources/jsc/contentlisting.js @@ -0,0 +1,18 @@ +var books = { + book: [] +}; + + +for (var i=0 ; i < 10 ; i++) { + +books.book.push({ + "id" : i, + "title" : "book title " + i, + "author" : "book author " + i, + "comments" : "book comments " + i +}); + +} + +context.setVariable("response.content", JSON.stringify(books)); +context.setVariable("response.header.Content-Type" , "application/json"); diff --git a/sample-proxies/cors/demo/index.html b/sample-proxies/cors/demo/index.html new file mode 100644 index 00000000..0ebb829f --- /dev/null +++ b/sample-proxies/cors/demo/index.html @@ -0,0 +1,125 @@ + + + + + + + + + + + +
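Review bot: The step in proxies/default.xml references the policy as `add-cors`, while the policy added in this commit is `Add-CORS.xml` with display name `Add-CORS`; the policy's `name` attribute is not visible in this rendering, so confirm the two match exactly, because a mismatched step name would either fail the deploy or leave the CORS headers unattached. The only visible condition routes `GET` on `/content-listing`, so a comment in the file stating which flow answers the `OPTIONS` preflight that the README tells readers to look for would help. The virtual-host values `default` and `secure` suggest the proxy is also served over plain HTTP; that is inferred from the names only.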
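Review bot: contentlisting.js has no header comment, so a reader cannot tell from the file that it is a stub backend rather than a real content source; I would open it with `// Stub target: builds ten placeholder book records and writes them to response.content as JSON.`. The `books.book.push({...})` call is also not indented under the `for` loop, which makes the closing `}` easy to misread. The script reads no request data, so the response body is fixed and there is no input handling to review here.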

+ +
+
+

+ +

+ +
diff --git a/sample-proxies/cors/deploy.sh b/sample-proxies/cors/deploy.sh
new file mode 100755
index 00000000..ee892b0d
--- /dev/null
+++ b/sample-proxies/cors/deploy.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+source ../../setup/setenv.sh
+
+echo "Enter your password for the Apigee Enterprise organization $org, followed by [ENTER]:"
+
+read -s password
+
+echo Deploying $proxy to $env on $url using $username and $org
+
+../../tools/deploy.py -n cors -u $username:$password -o $org -h $url -e $env -p / -d ../cors
+
+echo "If 'State: deployed', then your API Proxy is ready to be invoked."
+
+echo "Run 'invoke.sh'"
diff --git a/sample-proxies/cors/invoke.sh b/sample-proxies/cors/invoke.sh
new file mode 100755
index 00000000..7c087009
--- /dev/null
+++ b/sample-proxies/cors/invoke.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo Using org and environment configured in /setup/setenv.sh, $org and $env
+
+source ../../setup/setenv.sh
+echo "Making Options request"
+curl -X OPTIONS -H "X-Custom-CORS:test" http://$org-$env.apigee.net/v1/cors/content-listing
+echo "Making request with header"
+curl -H "X-Custom-CORS:Valid Cors" http://$org-$env.apigee.net/v1/cors/content-listing
+echo ""
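Review bot: In deploy.sh, `-u $username:$password` puts the password on deploy.py's command line, where other local users can read it in the process list while the deploy runs, and the unquoted expansion word-splits or globs a password containing spaces or `*`. At minimum quote it, `-u "$username:$password"`, and read it with `read -r -s password` so backslashes survive; whether deploy.py can take the credential from stdin or the environment instead is not visible in this diff. The script also depends on bash (`source`, `read -s`), yet the README in this commit tells users to run `sh deploy.sh`, which fails where `sh` is not bash, so the README should say `bash deploy.sh` or `./deploy.sh`.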
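Review bot: In invoke.sh the first `echo` prints `$org` and `$env` before `source ../../setup/setenv.sh` has run, so it shows empty values unless they were already exported; move the `source` line above that `echo`. The `OPTIONS` call sends no `Origin` or `Access-Control-Request-Method` header, so it is not the preflight a browser would send and does not exercise the policy the way the README describes; adding `-H "Origin: http://localhost"` and `-H "Access-Control-Request-Method: GET"` would. Both URLs use `http://` and are built from unquoted variables, so quote the URL and prefer `https://` if the environment exposes a TLS virtual host.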