diff --git a/id.saladeaula.digital/client/app/lib/http-status.ts b/id.saladeaula.digital/client/app/lib/http-status.ts
deleted file mode 100644
index b4c6042..0000000
--- a/id.saladeaula.digital/client/app/lib/http-status.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-export const OK = 200
-export const FOUND = 302
-export const BAD_REQUEST = 400
-export const UNAUTHORIZED = 401
-export const FORBIDDEN = 403
-export const INTERNAL_SERVER = 500
diff --git a/id.saladeaula.digital/client/app/routes/authorize.ts b/id.saladeaula.digital/client/app/routes/authorize.ts
index a157286..281ed5c 100644
--- a/id.saladeaula.digital/client/app/routes/authorize.ts
+++ b/id.saladeaula.digital/client/app/routes/authorize.ts
@@ -1,8 +1,11 @@
 import type { Route } from './+types'
 
-import * as httpStatus from '@/lib/http-status'
 import { parse } from 'cookie'
 
+export const OK = 200
+export const FOUND = 302
+export const INTERNAL_SERVER_ERROR = 500
+
 export async function loader({ request, context }: Route.LoaderArgs) {
   const cookies = parse(request.headers.get('Cookie') || '')
   const url = new URL(request.url)
@@ -13,7 +16,7 @@ export async function loader({ request, context }: Route.LoaderArgs) {
 
   if (!cookies?.__session) {
     return new Response(null, {
-      status: httpStatus.FOUND,
+      status: FOUND,
       headers: {
         Location: loginUrl.toString()
       }
@@ -30,23 +33,23 @@ export async function loader({ request, context }: Route.LoaderArgs) {
       redirect: 'manual'
     })
 
-    if (r.status === httpStatus.FOUND) {
+    if (r.status === FOUND) {
       return new Response(await r.text(), {
         status: r.status,
         headers: r.headers
       })
     }
 
-    console.log('Issuer response', {
+    console.log('Authorize response', {
       json: await r.json(),
       headers: r.headers,
       status: r.status
     })
 
     // Deny authorization if user lacks scopes requested by client
-    if (r.status === httpStatus.FORBIDDEN) {
+    if (r.status === FOUND) {
       return new Response(null, {
-        status: httpStatus.FOUND,
+        status: r.status,
         headers: {
           Location: new URL('/deny', url.origin).toString()
         }
@@ -54,13 +57,13 @@ export async function loader({ request, context }: Route.LoaderArgs) {
     }
 
     return new Response(null, {
-      status: httpStatus.FOUND,
+      status: FOUND,
       headers: {
         Location: loginUrl.toString()
       }
     })
   } catch (error) {
     console.error(error)
-    return new Response(null, { status: httpStatus.INTERNAL_SERVER })
+    return new Response(null, { status: INTERNAL_SERVER_ERROR })
   }
 }
diff --git a/id.saladeaula.digital/client/app/routes/index.tsx b/id.saladeaula.digital/client/app/routes/index.tsx
index aa0cae2..310bb0f 100644
--- a/id.saladeaula.digital/client/app/routes/index.tsx
+++ b/id.saladeaula.digital/client/app/routes/index.tsx
@@ -21,7 +21,7 @@ import { Button } from '@/components/ui/button'
 import { Checkbox } from '@/components/ui/checkbox'
 import { Input } from '@/components/ui/input'
 import { Label } from '@/components/ui/label'
-import * as httpStatus from '@/lib/http-status'
+import { FOUND, INTERNAL_SERVER_ERROR, OK } from './authorize'
 
 const schema = z.object({
   username: z
@@ -60,7 +60,7 @@ export async function action({ request, context }: Route.ActionArgs) {
       body: JSON.stringify(formData)
     })
 
-    if (r.status !== httpStatus.OK) {
+    if (r.status !== OK) {
       return Response.json(await r.json(), {
         status: r.status,
         headers: r.headers
@@ -74,12 +74,12 @@ export async function action({ request, context }: Route.ActionArgs) {
     headers.set('Location', url.toString())
 
     return new Response(await r.text(), {
-      status: httpStatus.FOUND,
+      status: FOUND,
       headers
     })
   } catch (error) {
     console.error(error)
-    return Response.json({}, { status: httpStatus.INTERNAL_SERVER })
+    return Response.json({}, { status: INTERNAL_SERVER_ERROR })
   }
 }
 
diff --git a/id.saladeaula.digital/client/app/routes/upstream.ts b/id.saladeaula.digital/client/app/routes/upstream.ts
index 86e2fe9..08d9365 100644
--- a/id.saladeaula.digital/client/app/routes/upstream.ts
+++ b/id.saladeaula.digital/client/app/routes/upstream.ts
@@ -7,8 +7,6 @@ async function proxy({
   request,
   context
 }: Route.ActionArgs): Promise<Response> {
-  console.debug('Request headers', request.headers)
-
   const url = new URL(request.url)
   const issuerUrl = new URL(url.pathname, context.cloudflare.env.ISSUER_URL)
   const response = await fetch(issuerUrl.toString(), {
@@ -16,8 +14,6 @@ async function proxy({
     headers: request.headers
   })
 
-  console.debug('Response headers', response.headers)
-
   return new Response(await response.text(), {
     status: response.status,
     headers: response.headers
diff --git a/id.saladeaula.digital/client/package-lock.json b/id.saladeaula.digital/client/package-lock.json
index 1272092..e9f6d0b 100644
--- a/id.saladeaula.digital/client/package-lock.json
+++ b/id.saladeaula.digital/client/package-lock.json
@@ -31,6 +31,7 @@
         "@types/node": "^20",
         "@types/react": "^19.1.2",
         "@types/react-dom": "^19.1.2",
+        "@types/statuses": "^2.0.6",
         "tailwindcss": "^4.1.11",
         "tw-animate-css": "^1.3.6",
         "typescript": "^5.8.3",
@@ -2668,6 +2669,13 @@
         "@types/react": "^19.0.0"
       }
     },
+    "node_modules/@types/statuses": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/@types/statuses/-/statuses-2.0.6.tgz",
+      "integrity": "sha512-xMAgYwceFhRA2zY+XbEA7mxYbA093wdiW8Vu6gZPGWy9cmOyU9XesH1tNcEWsKFd5Vzrqx5T3D38PWx1FIIXkA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/acorn": {
       "version": "8.14.0",
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
diff --git a/id.saladeaula.digital/client/package.json b/id.saladeaula.digital/client/package.json
index 737fe67..d45c42c 100644
--- a/id.saladeaula.digital/client/package.json
+++ b/id.saladeaula.digital/client/package.json
@@ -36,6 +36,7 @@
     "@types/node": "^20",
     "@types/react": "^19.1.2",
     "@types/react-dom": "^19.1.2",
+    "@types/statuses": "^2.0.6",
     "tailwindcss": "^4.1.11",
     "tw-animate-css": "^1.3.6",
     "typescript": "^5.8.3",
diff --git a/id.saladeaula.digital/client/wrangler.toml b/id.saladeaula.digital/client/wrangler.toml
index e548d26..9d62e12 100644
--- a/id.saladeaula.digital/client/wrangler.toml
+++ b/id.saladeaula.digital/client/wrangler.toml
@@ -13,5 +13,6 @@ ISSUER_URL = "https://duiolq49qn25e.cloudfront.net"
 
 [observability.logs]
 enabled = true
+# invocation_logs = true
 
 
diff --git a/id.saladeaula.digital/template.yaml b/id.saladeaula.digital/template.yaml
index d0ff5d0..172868e 100644
--- a/id.saladeaula.digital/template.yaml
+++ b/id.saladeaula.digital/template.yaml
@@ -116,6 +116,10 @@ Resources:
           CachedMethods: [GET, HEAD]
           ForwardedValues:
             QueryString: true
+            Headers:
+              - Origin
+              - Access-Control-Request-Method
+              - Access-Control-Request-Headers
             Cookies:
               Forward: all
           DefaultTTL: 0
@@ -129,6 +133,8 @@ Resources:
             CachedMethods: [GET, HEAD, OPTIONS]
             ForwardedValues:
               QueryString: false
+              Headers:
+                - Origin
             DefaultTTL: 3600 # 1 hour
             MinTTL: 300 # 5 minutes
             MaxTTL: 86400 # 1 day