Hi All,

When a browser initiates a GET or POST request, it often triggers a CORS preflight OPTIONS request. These OPTIONS calls are handled directly at the gateway level and typically bypass both the API assembly and preglobal policies. Based on our observations, prehook policies are designed for standard API flows and do not apply to preflight requests.

Given that our goal is to reduce call volumes to the platform, we're exploring whether it's possible to cache these preflight OPTIONS requests. Caching could help minimize the frequency of these calls.

I reviewed IBM's documentation and based on my understanding, if we want to customize CORS behavior-particularly to include custom headers-we should disable the built-in CORS configuration on the API and instead handle CORS manually using a GatewayScript policy.Any sight's on this topic? Thanks in advance.

 Need to remove the particular response headers | API Connect

https://www.ibm.com/docs/en/api-connect/10.0.5.x_lts?topic=api-enabling-cors-support