From 8fb278667457c5c56f21b2851e9ab82937b46a75 Mon Sep 17 00:00:00 2001
From: Dino Chiesa <dchiesa@google.com>
Date: Wed, 26 Jul 2023 16:56:23 -0700
Subject: [PATCH] describe Access-Control-Request-Headers as optional part of
 preflight (#28204)

---
 files/en-us/glossary/preflight_request/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/en-us/glossary/preflight_request/index.md b/files/en-us/glossary/preflight_request/index.md
index 38758160c6fc4a3..7993cc472c4fa50 100644
--- a/files/en-us/glossary/preflight_request/index.md
+++ b/files/en-us/glossary/preflight_request/index.md
@@ -8,7 +8,7 @@ page-type: glossary-definition
 
 A CORS preflight request is a {{Glossary("CORS")}} request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers.
 
-It is an {{HTTPMethod("OPTIONS")}} request, using three HTTP request headers: {{HTTPHeader("Access-Control-Request-Method")}}, {{HTTPHeader("Access-Control-Request-Headers")}}, and the {{HTTPHeader("Origin")}} header.
+It is an {{HTTPMethod("OPTIONS")}} request, using two or three HTTP request headers: {{HTTPHeader("Access-Control-Request-Method")}}, {{HTTPHeader("Origin")}}, and optionally {{HTTPHeader("Access-Control-Request-Headers")}}.
 
 A preflight request is automatically issued by a browser and in normal cases, front-end developers don't need to craft such requests themselves. It appears when request is qualified as ["to be preflighted"](/en-US/docs/Web/HTTP/CORS#preflighted_requests) and omitted for [simple requests](/en-US/docs/Web/HTTP/CORS#simple_requests).