Developer Tools2026-03-197 min read

CORS Preflight Requests: Why OPTIONS & How to Handle

Deep dive into CORS preflight: when OPTIONS is sent, how to handle it, caching preflight, and common mistakes.

When Preflight Happens

The browser sends an OPTIONS preflight when your request uses:

Methods other than GET, HEAD, POST
Custom headers (Authorization, X-Custom-Header)
Content-Type other than form-data, urlencoded, or text/plain

Handling Preflight

// Express.js\napp.options('*', cors()); // handle all OPTIONS\n\n// Or manually\nif (req.method === 'OPTIONS') {\n  res.set('Access-Control-Max-Age', '86400'); // cache 24h\n  return res.sendStatus(204);\n}

Try It Free

Use our free online tool — 100% client-side, no data leaves your browser.

Open HTTP Status Codes

Related Tools & Articles

JSON Formatter
Base64 Encoder
Password Generator
Regex Tester
Hash Generator
All 50+ Free Tools