diff --git a/src/handlers/git.js b/src/handlers/git.js
index 9a2a703..9e45c26 100644
--- a/src/handlers/git.js
+++ b/src/handlers/git.js
@@ -97,7 +97,7 @@ export async function handleGit(request, reply) {
   if (request.method === 'OPTIONS') {
     reply.header('Access-Control-Allow-Origin', '*');
     reply.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-    reply.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+    reply.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Git-Protocol');
     return reply.code(200).send();
   }
 
@@ -217,7 +217,7 @@ export async function handleGit(request, reply) {
           // Add CORS headers for browser git clients
           reply.raw.setHeader('Access-Control-Allow-Origin', '*');
           reply.raw.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-          reply.raw.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+          reply.raw.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Git-Protocol');
 
           reply.raw.writeHead(statusCode);
           headersSent = true;