diff --git a/lib/travis/api/app/cors.rb b/lib/travis/api/app/cors.rb
index cfbe133c..1b93c751 100644
--- a/lib/travis/api/app/cors.rb
+++ b/lib/travis/api/app/cors.rb
@@ -15,6 +15,11 @@ class Travis::Api::App
     options // do
       headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
       headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since, X-User-Agent, Travis-API-Version"
+
+      # cache OPTIONS for 24 hours to avoid excessive preflight requests and speed up access
+      # browsers might still limit this value to 10 minutes, see caveats
+      # http://stackoverflow.com/a/12021982
+      headers['Access-Control-Max-Age'] = "86400"
     end
   end
 end
diff --git a/spec/unit/cors_spec.rb b/spec/unit/cors_spec.rb
index f5c6b0fd..a1e5e994 100644
--- a/spec/unit/cors_spec.rb
+++ b/spec/unit/cors_spec.rb
@@ -46,5 +46,9 @@ describe Travis::Api::App::Cors do
     it 'sets Access-Control-Allow-Headers' do
       headers['Access-Control-Allow-Headers'].should == "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since, X-User-Agent, Travis-API-Version"
     end
+
+    it 'sets Access-Control-Max-Age' do
+      headers['Access-Control-Max-Age'].should == "86400"
+    end
   end
 end