diff --git a/.gitignore b/.gitignore
index 5b9add5..399eadd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .env
 node_modules
 dist
-openapi.json
\ No newline at end of file
+openapi.json
+/.claude
\ No newline at end of file
diff --git a/src/app.ts b/src/app.ts
index 750766f..9f208d5 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -5,7 +5,6 @@ import cors from "cors";
 import { httpLogger } from "@config/logger";
 import v1Router from "./routes/v1.route";
 import errorHandler from "./middlewares/errorHandler";
-import { notFound } from "./middlewares/notFound";
 import cookieParser from "cookie-parser";
 import { COOKIE_SECRET, FRONTEND_BASE_URL, NODE_ENV } from "@config/env";
 import swaggerUi from "swagger-ui-express";
@@ -41,19 +40,19 @@ const authLimiter = rateLimit({
 
 app.set("trust proxy", 1);
 app.use(helmet());
-app.use(limiter);
 app.use(
   cors({
     origin: (origin, callback) => {
       if (!origin || origin === FRONTEND_BASE_URL) {
         callback(null, true);
       } else {
-        callback(new Error("Not allowed by CORS"));
+        callback(null, false);
       }
     },
     credentials: true,
   }),
 );
+app.use(limiter);
 app.use(cookieParser(COOKIE_SECRET));
 app.use(express.json({ limit: "100kb" }));
 app.use(httpLogger);
@@ -77,7 +76,6 @@ app.get("/api/health", (req, res) => {
   res.send({ status: "ok" });
 });
 
-app.use(notFound);
 app.use((err: Error, req: Request, res: Response, next: NextFunction) =>
   errorHandler(err, req, res, next),
 );
diff --git a/src/middlewares/notFound.ts b/src/middlewares/notFound.ts
index 5da7b13..6909afc 100644
--- a/src/middlewares/notFound.ts
+++ b/src/middlewares/notFound.ts
@@ -1,6 +1,7 @@
 import { Request, Response } from "express";
 
-export function notFound(req: Request, res: Response) {
+export function notFound(_req: Request, res: Response) {
+  if (res.headersSent) return;
   res.status(404).json({
     success: false,
     message: "Resource not found",
diff --git a/src/server.ts b/src/server.ts
index 5678f13..b85e9ff 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -17,6 +17,13 @@ process.on("unhandledRejection", (reason) => {
 });
 
 process.on("uncaughtException", (err) => {
+  if (err && (err as NodeJS.ErrnoException).code === "ERR_HTTP_HEADERS_SENT") {
+    logger.warn(
+      { err },
+      "Suppressed ERR_HTTP_HEADERS_SENT (headers already sent)",
+    );
+    return;
+  }
   logger.fatal({ err }, "Uncaught Exception — shutting down");
   gracefulShutdown(1);
 });