Blog
Custom headers in API design: every new header can cost a preflight
Authorization and Content-Type application/json are common; exotic headers multiply OPTIONS traffic.
1 min read
api-designcorsheaders
Simple requests
Keep browser-facing calls within simple request rules when feasible to skip preflight entirely.
Batch operations in a single POST body instead of inventing many custom X- headers.
Mobile and server clients
Native apps do not need CORS—use richer headers there while keeping web clients thin.
Version APIs via path or Accept header strategies that minimize extra preflights.