I am trying to workaround CORS restriction on a WebGL application. I have a Web Service which resolves URL and returns images. Since this web service is not CORS enabled, I can't use the returned images as textures. I was planning to: Write a PHP script to handle image requests Image requests would be sent through the query string as a url parameter The PHP Script will: Call the web service with the query string url Fetch the image response (web service returns a content-type:image response) Add the CORS header (Add Access-Control-Allow-Origin) to the response Send the response to the browser I tried to implement this using a variety of techniques including CURL, HTTPResponse, plain var_dump etc. but got stuck at some point in each. So I have 2 questions: Is the approach good enough? Considering the approach is good enough: I made the most progress with CURL. I could get the image header and data with: $ch = curl_init(); $url = $_GET["url"]; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:image/jpeg')); //Execute request $response = curl_exec($ch); //get the default response headers $headers = curl_getinfo($ch); //close connection curl_close($ch); But this doesn't actually change set the response content-type to image/jpeg. It dumps the header + response into a new response of content-type text/html and display the header and the image BLOB data in the browser. How do I get it to send the response in the format I want? Managed to get it working: $ch = curl_init(); $url = $_GET["url"]; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); //Execute request $response = curl_exec($ch); //get the default response headers $headers = curl_getinfo($ch); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); header('Content-Type: image/jpeg'); header("Access-Control-Allow-Origin: *"); // header("Expires: Sat, 26 Jul 2017 05:00:00 GMT"); //close connection curl_close($ch); flush();