Access-Control-Max-Age: caching preflight results to reduce latency
Max-Age tells browsers how long they may reuse a successful OPTIONS response, cutting duplicate round trips for the same path and headers.
Tags: cors, preflight, performance
Interaction with the browser cache
The preflight cache is separate from the HTTP cache used for GET responses; it keys on the URL, the intended method, and a fingerprint of the request headers.
Very large Max-Age values can delay policy adoption after server changes—pair with deployment discipline or versioned endpoints.
CDN and edge layers
Some intermediaries strip or duplicate OPTIONS handling; verify behavior in staging with real browser fingerprints.
If you terminate TLS at multiple hops, ensure OPTIONS reaches the service that owns the CORS policy.
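
One way to check a captured OPTIONS response for stripped or duplicated CORS headers and to see how long each browser would actually cache it. This is an added example, not code from the original post; `auditPreflight`, the sample header lists and the `https://app.example` origin are constructed, and the browser caps and 5-second default come from browser documentation and the Fetch standard rather than from this page.

```javascript
// Added example. Caps and default are assumptions taken from browser docs and
// the Fetch standard, not from this post: Chromium 76+ caps Max-Age at 7200 s,
// Firefox at 86400 s; a missing or unparsable value falls back to 5 s.
const CAPS = { chromium: 7200, firefox: 86400 };
const DEFAULT_MAX_AGE = 5;

// Constructed samples: the same preflight captured at the origin and via a CDN.
const ORIGIN_SAMPLE = [
  ["Access-Control-Allow-Origin", "https://app.example"],
  ["Access-Control-Allow-Methods", "PUT, DELETE"],
  ["Access-Control-Max-Age", "86400"],
];
const EDGE_SAMPLE = [
  ["Access-Control-Allow-Origin", "https://app.example"],
  ["Access-Control-Allow-Origin", "https://app.example"], // added twice by the edge
  ["Access-Control-Allow-Methods", "PUT, DELETE"],        // Max-Age stripped
];

// headers: [name, value] pairs exactly as received, duplicates preserved.
function auditPreflight(headers) {
  const seen = new Map();
  for (const [name, value] of headers) {
    const key = name.toLowerCase();
    if (!key.startsWith("access-control-")) continue;
    if (!seen.has(key)) seen.set(key, []);
    seen.get(key).push(value.trim());
  }
  const findings = [];
  if (!seen.has("access-control-allow-origin")) {
    findings.push("missing access-control-allow-origin (stripped upstream?)");
  }
  for (const [key, values] of seen) {
    if (values.length > 1) findings.push(`duplicate ${key} (${values.length} copies)`);
  }
  const raw = seen.get("access-control-max-age");
  let declared = null;
  if (!raw) findings.push("no access-control-max-age: default of 5 s applies");
  else if (raw.length === 1 && /^\d+$/.test(raw[0])) declared = Number(raw[0]);
  else findings.push(`unusable access-control-max-age: ${raw.join(", ")}`);
  const effective = {};
  for (const [browser, cap] of Object.entries(CAPS)) {
    effective[browser] = declared === null ? DEFAULT_MAX_AGE : Math.min(declared, cap);
  }
  if (declared !== null && declared > CAPS.chromium) {
    findings.push(`max-age ${declared} exceeds Chromium cap ${CAPS.chromium}`);
  }
  return { findings, effective };
}
```

Feed it the header pairs from the same OPTIONS request captured at the origin and through each intermediary; any difference in findings between hops points at the layer that rewrote the response.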
