diff --git a/lib/client/http-tracker.js b/lib/client/http-tracker.js
index 890c1ea6..3e9c5912 100644
--- a/lib/client/http-tracker.js
+++ b/lib/client/http-tracker.js
@@ -3,12 +3,23 @@ const bencode = require('bencode')
 const compact2string = require('compact2string')
 const debug = require('debug')('bittorrent-tracker:http-tracker')
 const get = require('simple-get')
+const querystring = require('querystring-browser')
 
 const common = require('../common')
 const Tracker = require('./tracker')
 
 const HTTP_SCRAPE_SUPPORT = /\/(announce)[^/]*$/
 
+const REQUEST_TIMEOUT = 15000
+const DESTROY_TIMEOUT = 1000
+
+const querystringStringify = obj => {
+  let ret = querystring.stringify(obj, null, null, { encodeURIComponent: escape })
+  ret = ret.replace(/[@*/+]/g, char => // `escape` doesn't encode the characters @*/+ so we do it manually
+  `%${char.charCodeAt(0).toString(16).toUpperCase()}`)
+  return ret
+}
+
 /**
  * HTTP torrent tracker client (for an individual tracker)
  *
@@ -86,7 +97,7 @@ class HTTPTracker extends Tracker {
 
     // Otherwise, wait a short time for pending requests to complete, then force
     // destroy them.
-    timeout = setTimeout(destroyCleanup, common.DESTROY_TIMEOUT)
+    timeout = setTimeout(destroyCleanup, DESTROY_TIMEOUT)
 
     // But, if all pending requests complete before the timeout fires, do cleanup
     // right away.
@@ -111,13 +122,13 @@ class HTTPTracker extends Tracker {
   _request (requestUrl, params, cb) {
     const self = this
     const u = requestUrl + (!requestUrl.includes('?') ? '?' : '&') +
-      common.querystringStringify(params)
+      querystringStringify(params)
 
     this.cleanupFns.push(cleanup)
 
     let request = get.concat({
       url: u,
-      timeout: common.REQUEST_TIMEOUT,
+      timeout: REQUEST_TIMEOUT,
       headers: {
         'user-agent': this.client._userAgent || ''
       }
diff --git a/package.json b/package.json
index 90eb43d3..97b8edbb 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,6 @@
   },
   "browser": {
     "./lib/common-node.js": false,
-    "./lib/client/http-tracker.js": false,
     "./lib/client/udp-tracker.js": false,
     "./server.js": false
   },
@@ -44,7 +43,8 @@
     "simple-websocket": "^9.1.0",
     "string2compact": "^1.3.0",
     "unordered-array-remove": "^1.0.2",
-    "ws": "^7.4.5"
+    "ws": "^7.4.5",
+    "querystring-browser": "^1.0.4"
   },
   "devDependencies": {
     "@webtorrent/semantic-release-config": "1.0.5",
diff --git a/server.js b/server.js
index a72b3391..43c4748d 100644
--- a/server.js
+++ b/server.js
@@ -68,6 +68,10 @@ class Server extends EventEmitter {
       process.nextTick(() => {
         this.http.on('request', (req, res) => {
           if (res.headersSent) return
+          res.setHeader('Access-Control-Allow-Origin', '*')
+          res.setHeader('Access-Control-Allow-Headers', '*')
+          res.setHeader('Access-Control-Allow-Credentials', 'true')
+          res.setHeader('Access-Control-Allow-Methods', '*')
           this.onHttpRequest(req, res)
         })
       })