diff --git a/middleware/cors.ts b/middleware/cors.ts
index b032556..dde5705 100644
--- a/middleware/cors.ts
+++ b/middleware/cors.ts
@@ -72,7 +72,7 @@ export function cors({
         req,
       );
       if (isValidOrigin === false) return;
-      setAccessControlRequestMethods(methods, req);
+      setAccessControlRequestMethod(methods, req);
       setAccessControlRequestHeaders(allowedHeaders, req);
       setAcessControlExposeHeaders(exposedHeaders, req);
 
@@ -128,8 +128,8 @@ function setAccessControlAllowOrigin(
   }
 }
 
-function setAccessControlRequestMethods(methods: string[], req: ServerRequest) {
-  const requestMethods = req.headers.get("access-control-request-methods");
+function setAccessControlRequestMethod(methods: string[], req: ServerRequest) {
+  const requestMethods = req.headers.get("access-control-request-method");
   if (requestMethods && methods.length > 0) {
     const list = requestMethods.split(",").map((v) => v.trim());
     const allowed = list.filter((v) => methods.includes(v));
diff --git a/middleware/cors_test.ts b/middleware/cors_test.ts
index 34d9a91..494737a 100644
--- a/middleware/cors_test.ts
+++ b/middleware/cors_test.ts
@@ -9,7 +9,7 @@ group("cors", (t) => {
       method: "OPTIONS",
       headers: new Headers({
         "origin": "https://servestjs.org",
-        "access-control-request-methods": "GET,HEAD,POST",
+        "access-control-request-method": "GET",
         "access-control-request-headers": "x-servest-version",
       }),
     });
@@ -30,7 +30,7 @@ group("cors", (t) => {
     );
     assertEquals(
       resp.headers.get("access-control-allow-methods"),
-      "GET, HEAD",
+      "GET",
     );
     assertEquals(
       resp.headers.get("access-control-allow-headers"),