diff --git a/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
index 8aa06faccce..eb9cc52d8fe 100644
--- a/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+++ b/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -83,10 +83,10 @@ predicate allowOriginIsWildcardOrNull(HTTP::HeaderWrite allowOriginHW, string me
 from HTTP::HeaderWrite allowOriginHW, string message
 where
+  allowCredentialsIsSetToTrue(allowOriginHW) and
   (
     flowsFromUntrustedToAllowOrigin(allowOriginHW, message)
     or
     allowOriginIsWildcardOrNull(allowOriginHW, message)
-  ) and
-  allowCredentialsIsSetToTrue(allowOriginHW)
+  )
 select allowOriginHW, message