diff --git a/Caddyfile b/Caddyfile
index f6a9bea..7de3864 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -3,23 +3,23 @@
 }
 ai-gateway.ldex.dev {
- # Log all requests to stdout
 log {
 output stdout
 }
- # 1. Force CORS headers and DELETE duplicates from backend
+ # Stealth CORS: Reflect the requester's origin instead of using "*"
+ # This avoids the "*, *" duplication and looks less suspicious to Zscaler
 header {
- -Access-Control-Allow-Origin
- -Access-Control-Allow-Methods
- -Access-Control-Allow-Headers
- Access-Control-Allow-Origin *
+ Access-Control-Allow-Origin "{header.Origin}"
 Access-Control-Allow-Methods "GET, POST, OPTIONS"
 Access-Control-Allow-Headers "*"
 Access-Control-Expose-Headers "*"
+ Access-Control-Allow-Credentials "true"
+ # 'defer' ensures we override any headers sent by the backend
+ defer
 }
- # 2. Immediately handle OPTIONS requests
+ # Handle preflights immediately
 @options {
 method OPTIONS
 }
@@ -27,6 +27,5 @@ ai-gateway.ldex.dev {
 respond "" 204
 }
- # 3. Proxy everything else
 reverse_proxy ai-gateway:8000
 }
diff --git a/app/main.py b/app/main.py
index 3639504..d0c2510 100644
--- a/app/main.py
+++ b/app/main.py
@@ -3,6 +3,12 @@ from fastapi import FastAPI, Request
 from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
+import logging
+
+# Set up logging to stdout
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger("ai_gateway")
+
 from app.api.router import api_router
 from app.core.config import settings
 from app.core.limiter import limiter
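Review bot: Reflecting the request's Origin into `Access-Control-Allow-Origin "{header.Origin}"` while also adding `Access-Control-Allow-Credentials "true"` grants every origin credentialed cross-site access to the gateway, which is exactly the combination browsers refuse to honour for a literal "*"; nothing in the header block conditions it on an origin check, and `defer` makes these values win over whatever the backend sets. Gate the block on an allowlist matcher, e.g. `@allowed header Origin https://ORIGIN_PLACEHOLDER` followed by `header @allowed { ... }`, and add `Vary Origin` so a shared cache does not serve one origin's response to another. When no Origin header is present the placeholder renders empty, so non-browser clients receive an empty allow-origin value; the allowlist matcher avoids that too. The comment's "looks less suspicious" framing should be replaced by one that states the actual policy, e.g. `# CORS: only origins in @allowed get credentialed access`.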
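Review bot: `logging.basicConfig(level=logging.INFO)` now runs as a side effect of importing app.main, placed between the third-party and local import groups, and it silently does nothing if the root logger already has handlers — an ASGI server that configures logging before importing the app may have done so (confirm against the entrypoint), in which case the INFO level never takes effect. Move `import logging` up with the stdlib imports and call `basicConfig` from the entrypoint or the application factory instead. The added comment `# Set up logging to stdout` is also inaccurate: `basicConfig` defaults to a handler on stderr, so it needs `stream=sys.stdout` to match the comment.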
@@ -34,10 +40,10 @@ def create_application() -> FastAPI:
 # Debug Logger Middleware
 @application.middleware("http")
 async def log_requests(request: Request, call_next):
- print(f"DEBUG: Incoming {request.method} {request.url}")
- print(f"DEBUG: Origin: {request.headers.get('origin')}")
+ logger.info(f"DEBUG: Incoming {request.method} {request.url}")
+ logger.info(f"DEBUG: Origin: {request.headers.get('origin')}")
 response = await call_next(request)
- print(f"DEBUG: Status Code: {response.status_code}")
+ logger.info(f"DEBUG: Status Code: {response.status_code}")
 return response
 # Set up Rate Limiter (CORS is handled by Caddy at the edge)
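Review bot: The three new `logger.info(f"DEBUG: ...")` calls log the full `request.url`, which includes the query string, so any token or key a client passes as a query parameter (whether this API accepts such parameters is not visible in the hunk) is written to the log at INFO level on every request; log `request.url.path` instead, or drop the line once debugging is done. They also format eagerly with f-strings and carry a literal "DEBUG:" prefix while emitting at INFO — use lazy %-args at the matching level, e.g. `logger.debug("Incoming %s %s", request.method, request.url.path)` and `logger.debug("Status code: %s", response.status_code)`. The enclosing `create_application` starts before this hunk.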