diff --git a/backend/routes/incidents.py b/backend/routes/incidents.py
index 7170be511..57f47ca63 100644
--- a/backend/routes/incidents.py
+++ b/backend/routes/incidents.py
@@ -109,13 +109,14 @@ def search_incidents():
         page=body.page, per_page=body.perPage, max_per_page=100
     )
 
+    track_to_mp(request, "search_incidents", {
+        "description": body.description,
+        "location": body.location,
+        "dateStart": body.dateStart,
+        "dateEnd": body.dateEnd,
+    })
+
     try:
-        track_to_mp(request, "search_incidents", {
-            "description": body.description,
-            "location": body.location,
-            "dateStart": body.dateStart,
-            "dateEnd": body.dateEnd,
-        })
         return {
             "results": [
                 incident_orm_to_json(result) for result in results.items
diff --git a/frontend/next.config.js b/frontend/next.config.js
index f450b7577..e5e181e6a 100644
--- a/frontend/next.config.js
+++ b/frontend/next.config.js
@@ -1,4 +1,22 @@
 module.exports = {
+  headers() {
+    return [
+      {
+        // matching all API routes
+        source: "/api/:path*",
+        headers: [
+          { key: "Access-Control-Allow-Credentials", value: "true" },
+          { key: "Access-Control-Allow-Origin", value: "*" }, // replace this your actual origin
+          { key: "Access-Control-Allow-Methods", value: "GET,DELETE,PATCH,POST,PUT" },
+          {
+            key: "Access-Control-Allow-Headers",
+            value:
+              "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version"
+          }
+        ]
+      }
+    ]
+  },
   eslint: {
     dirs: ["tests", "shared-components", "pages", "models", "helpers", "compositions"]
   }