diff --git a/internal/middleware/cors.go b/internal/middleware/cors.go
index 1b7747c3a..22e2e81d5 100644
--- a/internal/middleware/cors.go
+++ b/internal/middleware/cors.go
@@ -54,6 +54,11 @@ func CORS() gin.HandlerFunc {
 			// needed to pass oauth bearer tokens
 			"Authorization",
 
+			// Some clients require this; see:
+			//   - https://docs.joinmastodon.org/methods/statuses/#headers
+			//   - https://github.com/superseriousbusiness/gotosocial/issues/1664
+			"Idempotency-Key",
+
 			// needed for websocket upgrade requests
 			"Upgrade",
 			"Sec-WebSocket-Extensions",