diff --git a/spec/v2/providers/https.spec.ts b/spec/v2/providers/https.spec.ts
index f41dd2f90..1d7d30ae3 100644
--- a/spec/v2/providers/https.spec.ts
+++ b/spec/v2/providers/https.spec.ts
@@ -215,6 +215,33 @@ describe("onRequest", () => {
 sinon.restore();
 });
+
+ it("should NOT add CORS headers if debug feature is enabled and cors has value false", async () => {
+ sinon.stub(debug, "isDebugFeatureEnabled").withArgs("enableCors").returns(true);
+
+ const func = https.onRequest({ cors: false }, (req, res) => {
+ res.status(200).send("Good");
+ });
+
+ const req = new MockRequest(
+ {
+ data: {},
+ },
+ {
+ "Access-Control-Request-Method": "POST",
+ "Access-Control-Request-Headers": "origin",
+ origin: "example.com",
+ }
+ );
+ req.method = "OPTIONS";
+
+ const resp = await runHandler(func, req as any);
+ expect(resp.status).to.equal(200);
+ expect(resp.body).to.be.equal("Good");
+ expect(resp.headers).to.deep.equal({});
+
+ sinon.restore();
+ });
 });
 describe("onCall", () => {
diff --git a/src/v2/providers/https.ts b/src/v2/providers/https.ts
index 600a1105b..5f046ed1c 100644
--- a/src/v2/providers/https.ts
+++ b/src/v2/providers/https.ts
@@ -230,7 +230,12 @@ export function onRequest(
 }
 if (isDebugFeatureEnabled("enableCors") || "cors" in opts) {
- const origin = isDebugFeatureEnabled("enableCors") ? true : opts.cors;
+ let origin = opts.cors;
+ if (isDebugFeatureEnabled("enableCors")) {
+ // Respect `cors: false` to turn off cors even if debug feature is enabled.
+ origin = opts.cors === false ? false : true;
+ }
+
 const userProvidedHandler = handler;
 handler = (req: Request, res: express.Response): void | Promise => {
 return new Promise((resolve) => {
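Review bot: In the spec hunk, the new test only calls `sinon.restore()` as the last statement of its body, so a failing `expect` skips it and leaves `isDebugFeatureEnabled("enableCors")` stubbed to `true` for every later test in the run. With the stub left in place, later CORS assertions would run against the debug override and could pass or fail for the wrong reason. Moving the cleanup into a hook inside the `describe("onRequest", ...)` block, `afterEach(() => sinon.restore());`, makes it unconditional; that block starts outside the hunk, and the preceding test in the context lines follows the same pattern. A companion case with the debug feature on and a specific `cors` origin would also pin down how far the override is meant to reach.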
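Review bot: In the `src/v2/providers/https.ts` hunk, the new branch still turns every `opts.cors` value other than `false` into `true` while the debug feature is on. If `cors` can carry an explicit origin allowlist, that allowlist is silently widened to all origins in any environment where the flag is set. If this is intended, the comment should say so, for example `// Debug override: any value except false (including an explicit origin allowlist) becomes true, i.e. every origin is allowed.` If it is not intended, the override should apply only when `opts.cors === undefined`. The assignment also reads more directly as `origin = opts.cors !== false;`. The body of `onRequest` starts and ends outside this hunk, so how `origin` is consumed is not visible here.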