diff --git a/apps/api/src/utils/auth.ts b/apps/api/src/utils/auth.ts
index b32c3d65..8fda2d13 100644
--- a/apps/api/src/utils/auth.ts
+++ b/apps/api/src/utils/auth.ts
@@ -104,6 +104,10 @@ export async function validateSdkRequest(
     throw createError('Ingestion: Profile id is blocked by project filter');
   }
 
+  if (client.ignoreCorsAndSecret) {
+    return client;
+  }
+
   if (client.project.cors) {
     const domainAllowed = client.project.cors.find((domain) => {
       const cleanedDomain = cleanDomain(domain);
diff --git a/packages/db/prisma/migrations/20251029200725_ignore_secret_and_cors/migration.sql b/packages/db/prisma/migrations/20251029200725_ignore_secret_and_cors/migration.sql
new file mode 100644
index 00000000..11bf6822
--- /dev/null
+++ b/packages/db/prisma/migrations/20251029200725_ignore_secret_and_cors/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "public"."clients" ADD COLUMN     "ignoreCorsAndSecret" BOOLEAN NOT NULL DEFAULT false;
diff --git a/packages/db/prisma/schema.prisma b/packages/db/prisma/schema.prisma
index 72e45bd8..def5169e 100644
--- a/packages/db/prisma/schema.prisma
+++ b/packages/db/prisma/schema.prisma
@@ -250,6 +250,8 @@ model Client {
   organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
   organizationId String
 
+  ignoreCorsAndSecret Boolean @default(false)
+
   createdAt DateTime @default(now())
   updatedAt DateTime @default(now()) @updatedAt