diff --git a/src/runtime/server/middleware/corsHandler.ts b/src/runtime/server/middleware/corsHandler.ts
index 28e0701f..fd8b88ab 100644
--- a/src/runtime/server/middleware/corsHandler.ts
+++ b/src/runtime/server/middleware/corsHandler.ts
@@ -16,7 +16,7 @@ export default defineEventHandler((event) => {
 }
 if (origin && origin !== '*' && corsHandler.useRegExp) {
- origin = origin.map((o) => new RegExp(o))
+ origin = origin.map((o) => new RegExp(o, 'i'))
 }
 handleCors(event, {
diff --git a/test/cors.test.ts b/test/cors.test.ts
index 7cae84ae..31ff2365 100644
--- a/test/cors.test.ts
+++ b/test/cors.test.ts
@@ -57,6 +57,11 @@ describe('[nuxt-security] CORS', async () => {
 expect(res.headers.get('Access-Control-Allow-Origin')).toBeNull()
 })
+ it('should match origins with regular expressions in a case-insensitive way', async () => {
+ const res = await fetch('/regexp-single', { headers: { origin: 'https://A.EXAMPLE.COM' } })
+ expect(res.headers.get('Access-Control-Allow-Origin')).toBe('https://A.EXAMPLE.COM')
+ })
+
 it('should support multiple regular expressions', async () => {
 let res = await fetch('/regexp-multi', { headers: { origin: 'https://a.example.com' } })
 expect(res.headers.get('Access-Control-Allow-Origin')).toBe('https://a.example.com')
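Review bot: The configured strings on the changed line are compiled exactly as written, so an unanchored pattern would accept any origin that merely contains a match (assuming `handleCors` tests each RegExp against the request's Origin header), and the new `i` flag widens that set a little further. The line also sits inside the per-request handler, so patterns are recompiled on every request, and an invalid pattern would throw a `SyntaxError` at request time rather than at startup. I would add a comment above the `map`, such as `// Patterns are used as written and matched case-insensitively; anchor them with ^ and $ so a longer origin cannot match by substring.`, and consider compiling once outside the handler. The handler body starts and ends outside this hunk, so whether `origin` is always an array at this point cannot be confirmed from here.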
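Review bot: The added test asserts only the accepting path, so it would still pass if the `i` flag or a loosely written fixture pattern made matching broader than intended. A companion case would pin the boundary: send a mixed-case origin that should fall outside the allowed pattern, for instance the constructed value `https://A.EXAMPLE.COM.invalid`, and assert `expect(res.headers.get('Access-Control-Allow-Origin')).toBeNull()`. Whether that assertion holds depends on how the `/regexp-single` fixture pattern is anchored, which is not visible in this hunk.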