diff --git a/config/cors.php b/config/cors.php
index 3432a11..3282b26 100644
--- a/config/cors.php
+++ b/config/cors.php
@@ -6,7 +6,7 @@
     'allowed_origins' => ['*'], // 모든 도메인 허용 (보안 주의)
     'allowed_origins_patterns' => [],
     'allowed_headers' => ['*'], // 모든 헤더 허용
-    'exposed_headers' => [],
-    'max_age' => 0,
+    'exposed_headers' => ['x-api-key', 'Authorization'], // 커스텀 헤더 명시
+    'max_age' => 86400, // Preflight 캐싱 (24시간)
     'supports_credentials' => false,
 ];