diff --git a/plugins/wasm-go/extensions/frontend-gray/config/config.go b/plugins/wasm-go/extensions/frontend-gray/config/config.go
index b624efa3b..43d7225c4 100644
--- a/plugins/wasm-go/extensions/frontend-gray/config/config.go
+++ b/plugins/wasm-go/extensions/frontend-gray/config/config.go
@@ -13,6 +13,7 @@ const (
 	IsPageRequest   = "is-page-request"
 	IsNotFound      = "is-not-found"
 	EnabledGray     = "enabled-gray"
+	SecFetchMode    = "sec-fetch-mode"
 )
 
 type LogInfo func(format string, args ...interface{})
diff --git a/plugins/wasm-go/extensions/frontend-gray/main.go b/plugins/wasm-go/extensions/frontend-gray/main.go
index 94d4d8a86..c238b26f4 100644
--- a/plugins/wasm-go/extensions/frontend-gray/main.go
+++ b/plugins/wasm-go/extensions/frontend-gray/main.go
@@ -44,6 +44,8 @@ func onHttpRequestHeaders(ctx wrapper.HttpContext, grayConfig config.GrayConfig,
 	}
 	enabledGray := util.IsGrayEnabled(grayConfig, requestPath)
 	ctx.SetContext(config.EnabledGray, enabledGray)
+	secFetchMode, _ := proxywasm.GetHttpRequestHeader("sec-fetch-mode")
+	ctx.SetContext(config.SecFetchMode, secFetchMode)
 
 	if !enabledGray {
 		log.Infof("gray not enabled")
@@ -133,6 +135,10 @@ func onHttpResponseHeader(ctx wrapper.HttpContext, grayConfig config.GrayConfig,
 		ctx.DontReadResponseBody()
 		return types.ActionContinue
 	}
+	secFetchMode, isSecFetchModeOk := ctx.GetContext(config.SecFetchMode).(string)
+	if isSecFetchModeOk && secFetchMode == "cors" {
+		proxywasm.ReplaceHttpResponseHeader("cache-control", "no-cache, no-store, max-age=0, must-revalidate")
+	}
 	isPageRequest, ok := ctx.GetContext(config.IsPageRequest).(bool)
 	if !ok {
 		isPageRequest = false // 默认值