diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index e20ed46..682ac58 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -51,8 +51,9 @@ function withCORS(headers, request) {
   }
 
   var exposedHeaders = headers['access-control-expose-headers'] || '';
-  if (exposedHeaders) exposedHeaders += ',';
-  exposedHeaders += 'location,x-request-url';
+  if (!/,\s*location\s*,/i.test(','+exposedHeaders+',')) exposedHeaders += ',location';
+  if (!/,\s*x-request-url\s*,/i.test(','+exposedHeaders+',')) exposedHeaders += ',x-request-url';
+  if (exposedHeaders.charAt(0) === ',') exposedHeaders = exposedHeaders.substr(1);
   headers['access-control-expose-headers'] = exposedHeaders;
 
   return headers;
@@ -130,7 +131,7 @@ var getHandler = exports.getHandler = function(options) {
     } else {
       // Actual request. First, extract the desired URL from the request:
       var full_url, host, hostname, port, path, match;
-      match = req.url.match(/^\/(?:(https?:)?\/\/)?(([^\/?]+?)(?::(\d{0,5})(?=[\/?]|$))?)([\/?][\S\s]*|$)/i);
+      match = req.url.match(/^\/?(?:(https?:)?\/\/)?(([^\/?]+?)(?::(\d{0,5})(?=[\/?]|$))?)([\/?][\S\s]*|$)/i);
       //                            ^^^^^^^          ^^^^^^^^      ^^^^^^^                ^^^^^^^^^^^^
       //                          1:protocol       3:hostname     4:port                 5:path + query string
       //                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^