diff --git a/docs_src/cors/tutorial001.py b/docs_src/cors/tutorial001.py
index d59ab27ac..c73026e0e 100644
--- a/docs_src/cors/tutorial001.py
+++ b/docs_src/cors/tutorial001.py
@@ -14,8 +14,8 @@ app.add_middleware(
     CORSMiddleware,
     allow_origins=origins,
     allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
+    allow_methods=["GET"],
+    allow_headers=["X-Example"],
 )
 
 
diff --git a/tests/test_tutorial/test_cors/test_tutorial001.py b/tests/test_tutorial/test_cors/test_tutorial001.py
index f62c9df4f..b0b9dae53 100644
--- a/tests/test_tutorial/test_cors/test_tutorial001.py
+++ b/tests/test_tutorial/test_cors/test_tutorial001.py
@@ -18,7 +18,10 @@ def test_cors():
         response.headers["access-control-allow-origin"]
         == "https://localhost.tiangolo.com"
     )
-    assert response.headers["access-control-allow-headers"] == "X-Example"
+    expected_headers = (
+        "Accept, Accept-Language, Content-Language, Content-Type, X-Example"
+    )
+    assert response.headers["access-control-allow-headers"] == expected_headers
 
     # Test standard response
     headers = {"Origin": "https://localhost.tiangolo.com"}