diff --git a/config/endpoints/matrix.nix b/config/endpoints/matrix.nix
index 7c81689..8ea90ed 100644
--- a/config/endpoints/matrix.nix
+++ b/config/endpoints/matrix.nix
@@ -29,6 +29,19 @@ in
       proxyWebsockets = true;
     };
   }
+  # {
+  #   type = "proxy";
+  #   domain = net.devices.remote_proxy.domain;
+  #   endpoint = "/.well-known/matrix/";
+  #   force_ssl = true;
+  #   port = 443;
+  #   content = {
+  #     type = "service";
+  #     ip = net.devices.pi.ip;
+  #     port = services.continuwuity.port;
+  #     proxyWebsockets = true;
+  #   };
+  # }
   {
     type = "inline";
     domain = net.devices.remote_proxy.domain;
@@ -37,6 +50,11 @@ in
     port = 443;
     content = {
       contentType = "application/json";
+      headers = {
+        Access-Control-Allow-Origin = "*";
+        Access-Control-Allow-Methods = "GET, POST, PUT, DELETE, OPTIONS";
+        Access-Control-Allow-Headers = "X-Requested-With, Content-Type, Authorization";
+      };
       status = 200;
       body = ''{"m.server":"${net.devices.remote_proxy.domain}:443"}'';
     };
@@ -49,20 +67,13 @@ in
     port = 443;
     content = {
       contentType = "application/json";
+      headers = {
+        Access-Control-Allow-Origin = "*";
+        Access-Control-Allow-Methods = "GET, POST, PUT, DELETE, OPTIONS";
+        Access-Control-Allow-Headers = "X-Requested-With, Content-Type, Authorization";
+      };
       status = 200;
-      body = ''
-        {
-          "m.homeserver": {
-            "base_url": "https://${net.devices.remote_proxy.domain}"
-          },
-          "org.matrix.msc4143.rtc_foci": [
-            {
-              "type": "livekit",
-              "livekit_service_url": "https://livekit.${net.devices.remote_proxy.domain}"
-            }
-          ]
-        }
-      '';
+      body = ''{"m.homeserver": {"base_url": "https://${net.devices.remote_proxy.domain}"},"org.matrix.msc3575.proxy":{"url":"https://nudelerde.de/"},"org.matrix.msc4143.rtc_foci": [{"type": "livekit","livekit_service_url": "https://livekit.${net.devices.remote_proxy.domain}"}]}'';
     };
   }
 ]
\ No newline at end of file
diff --git a/config/services.nix b/config/services.nix
index ae8027c..c0ab036 100644
--- a/config/services.nix
+++ b/config/services.nix
@@ -8,7 +8,7 @@ rec {
     server_name = "nudelerde.de";
     trusted_servers = [ "matrix.org" ];
     memory_max = "512M";
-    livekit_url = "https://livekit.nudelerde.de/livekit/jwt";
+    livekit_url = "https://livekit.nudelerde.de";
 
     package = {
       version = "0.5.6";
diff --git a/intermediate/nginx.nix b/intermediate/nginx.nix
index 3b17093..85a8f6f 100644
--- a/intermediate/nginx.nix
+++ b/intermediate/nginx.nix
@@ -241,6 +241,14 @@ let
             route.content.contentType
           else
             "text/plain; charset=utf-8";
+        inlineHeaders =
+          if builtins.isAttrs route.content && route.content ? headers then
+            route.content.headers
+          else
+            {};
+        inlineHeaderLines = lib.concatStringsSep "\n" (
+          lib.mapAttrsToList (name: value: "            add_header ${name} ${builtins.toJSON value} always;") inlineHeaders
+        );
       in
       {
         name = "= ${route.endpoint}";
@@ -248,6 +256,7 @@ let
           return = "${toString inlineStatus} ${builtins.toJSON inlineBody}";
           extraConfig = ''
             default_type ${inlineContentType};
+${lib.optionalString (inlineHeaderLines != "") inlineHeaderLines}
           '';
         };
       }
diff --git a/validation/endpoints.nix b/validation/endpoints.nix
index 50c7c7d..410eba1 100644
--- a/validation/endpoints.nix
+++ b/validation/endpoints.nix
@@ -5,7 +5,7 @@ let
   allowedProxyContentKeys = [ "type" "ip" "port" "proxyWebsockets" ];
   allowedWebContentKeys = [ "type" "files" ];
   allowedWebFileKeys = [ "path" "filePath" "contentType" "status" ];
-  allowedInlineContentKeys = [ "body" "contentType" "status" ];
+  allowedInlineContentKeys = [ "body" "contentType" "headers" "status" ];
   allowedRedirectContentKeys = [ "target" "status" ];
 
   ensureNoUnknownKeys = context: obj: allowedKeys:
@@ -168,6 +168,20 @@ let
                     null
                   else
                     throw "Inline endpoint at index ${toString index} content.contentType must be a non-empty string when provided.";
+                ________ =
+                  if contentValue ? headers then
+                    if builtins.isAttrs contentValue.headers then
+                      let
+                        headerValues = builtins.attrValues contentValue.headers;
+                      in
+                        if lib.all (value: builtins.isString value && value != "") headerValues then
+                          null
+                        else
+                          throw "Inline endpoint at index ${toString index} content.headers values must be non-empty strings."
+                    else
+                      throw "Inline endpoint at index ${toString index} content.headers must be an attrset when provided."
+                  else
+                    null;
                 _______ =
                   if !(contentValue ? status) || builtins.isInt contentValue.status then
                     null