diff --git a/README.md b/README.md
index aa8f9304c..de297dc9f 100644
--- a/README.md
+++ b/README.md
@@ -500,6 +500,21 @@ app.delete('/mcp', handleSessionRequest);
 app.listen(3000);
 ```
 
+> [!TIP]
+> When using this in a remote environment, make sure to allow the header parameter `mcp-session-id` in CORS. Otherwise, it may result in a `Bad Request: No valid session ID provided` error. 
+> 
+> For example, in Node.js you can configure it like this:
+> 
+> ```ts
+> app.use(
+>   cors({
+>     origin: ['https://your-remote-domain.com, https://your-other-remote-domain.com'],
+>     exposedHeaders: ['mcp-session-id'],
+>     allowedHeaders: ['Content-Type', 'mcp-session-id'],
+>   })
+> );
+> ```
+
 #### Without Session Management (Stateless)
 
 For simpler use cases where session management isn't needed: