Blog

Canary deployments: validating CORS headers before full rollouts

Shift a small percentage of traffic to new builds and compare preflight success rates and header parity.

Published: 2025-08-01Updated: 2025-08-051 min read

deploymentcorstesting

What to measure

Track OPTIONS success ratio, not just GET/POST, because middleware ordering bugs often surface only on preflight.

Diff Allow-Origin, Allow-Headers, and Max-Age between canary and baseline using scripted probes.

Define automatic rollback if CORS denials spike beyond a threshold for any monitored partner origin.

Keep feature flags for risky header changes separate from unrelated application logic.