Blog

Shadow traffic and canaries: validating CORS headers on duplicated requests

Mirror production traffic to new builds without user impact; compare header sets byte-by-byte for drift.

Published: 2025-11-26Updated: 2025-11-281 min read

testingcanarycors

Privacy and sampling

Redact cookies and PII from mirrored payloads in shadow pipelines.

Sample traffic to control storage costs while keeping statistical significance.

Block promotion if OPTIONS or Allow-Origin differs between shadow and baseline beyond tolerance.

Keep shadow environments network-isolated from production databases.