When trying to add a custom header to a CORS request, it is being requested by the OPTIONS request but is not being added to the subsequent GET request. Sample code:

 var url = 'http://mycorsenabledserver.com/';
        var token = 'My Token';

        $.ajaxSetup({
            headers: {
                "My-Token": token
            }
        });

        $.ajax({
            url: url,
            type: 'GET',
            crossDomain: true,
            beforeSend: function(request) {
                request.setRequestHeader('My-Token', token); 
            },
            success: function() {
                console.log('success');
            },
            error: function(e) {
                console.log('error');
            }
        });

The OPTIONS request and response:

OPTIONS / HTTP/1.1
Host: mycorsenabledserver.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://local.api-test.foo.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: my-token
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Wed, 20 Feb 2013 23:49:24 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 0
Content-Type: text/plain
Allow: OPTIONS, DELETE, POST, PUT, GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: my-token, x-requested-with
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS
Access-Control-Allow-Credentials: true

The subsequent GET request:

GET / HTTP/1.1
Host: mycorsenabledserver.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://local.api-test.foo.com/
Origin: http://local.api-test.foo.com
Connection: keep-alive