diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index eb1d503..058f033 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -77,29 +77,30 @@ function proxyRequest(req, res, proxy, full_url, proxyOptions) {
       headers = reasonPhrase;
       reasonPhrase = undefined;
     }
-    if (!headers) headers = withCORS({}, req);
-    else {
-      withCORS(headers, req);
-      
-      // Handle redirects
-      if (statusCode === 301 || statusCode === 302 || statusCode === 303 || statusCode === 307 || statusCode === 308) {
-        if (headers['location']) {
-          headers['location'] = url.resolve(full_url, headers['location']);
-        }
-        // Put redirect URL in status text so that user agents that do not recognize the Access-Control-Expose-Headers
-        // response header can still read the target URL.
-        reasonPhrase = statusCode + ' ' + (headers['location'] || '');
-        // Don't use 301 or 302 because browsers may cancel the request (observed in Chrome with a custom request header)
-        statusCode = 333;
+    headers = withCORS(headers || {}, req);
+    withCORS(headers, req);
+
+    // Handle redirects
+    if (statusCode === 301 || statusCode === 302 || statusCode === 303 || statusCode === 307 || statusCode === 308) {
+      var locationHeader = headers['location'] || res.getHeader('location');
+      if (locationHeader) {
+        headers['location'] = url.resolve(full_url, locationHeader);
       }
-
-      // Don't slip through cookies
-      delete headers['set-cookie'];
-      delete headers['set-cookie2'];
-
-      // Informational purposes
-      headers['x-request-url'] = full_url;
+      // Put redirect URL in status text so that user agents that do not recognize the Access-Control-Expose-Headers
+      // response header can still read the target URL.
+      reasonPhrase = statusCode + ' ' + (headers['location'] || '');
+      // Don't use 301 or 302 because browsers may cancel the request (observed in Chrome with a custom request header)
+      statusCode = 333;
     }
+
+    // Don't slip through cookies
+    delete headers['set-cookie'];
+    delete headers['set-cookie2'];
+    res.removeHeader('set-cookie');
+    res.removeHeader('set-cookie2');
+
+    headers['x-request-url'] = full_url;
+
     if (reasonPhrase) {
       return res_writeHead.call(res, statusCode, reasonPhrase, headers);
     } else {
diff --git a/package.json b/package.json
index 8ba46fb..e326e59 100644
--- a/package.json
+++ b/package.json
@@ -1,9 +1,9 @@
 {
   "name": "cors-anywhere",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "CORS Anywhere is a reverse proxy which adds CORS headers to the proxied request. Request URL is taken from the path", 
   "license": "MIT",
-  "author": "Rob W <gwnRob@gmail.com>",
+  "author": "Rob Wu <gwnRob@gmail.com>",
   "repository": {
       "type": "git",
       "url": "https://github.com/Rob--W/cors-anywhere.git"