diff --git a/api/src/plugins/cors.test.ts b/api/src/plugins/cors.test.ts
new file mode 100644
index 00000000000..c23ca0dd889
--- /dev/null
+++ b/api/src/plugins/cors.test.ts
@@ -0,0 +1,35 @@
+import Fastify, { FastifyInstance, LogLevel } from 'fastify';
+import cors from './cors';
+
+const LOG_LEVELS: LogLevel[] = [
+  'fatal',
+  'error',
+  'warn',
+  'info',
+  'debug',
+  'trace'
+];
+
+describe('cors', () => {
+  let fastify: FastifyInstance;
+  beforeAll(async () => {
+    fastify = Fastify({ disableRequestLogging: true });
+    await fastify.register(cors);
+  });
+
+  afterAll(async () => {
+    await fastify.close();
+  });
+
+  it('should not log for /status/* routes', async () => {
+    const logger = fastify.log.child({ req: { url: '/status/ping' } });
+    const spies = LOG_LEVELS.map(level => jest.spyOn(logger, level));
+    await fastify.inject({
+      url: '/status/ping'
+    });
+
+    spies.forEach(spy => {
+      expect(spy).not.toHaveBeenCalled();
+    });
+  });
+});
diff --git a/api/src/plugins/cors.ts b/api/src/plugins/cors.ts
index b26c1718259..3c3bfb141fe 100644
--- a/api/src/plugins/cors.ts
+++ b/api/src/plugins/cors.ts
@@ -21,7 +21,10 @@ const cors: FastifyPluginCallback = (fastify, _options, done) => {
       // separately. If we switch to that approach we can replace use
       // @fastify/cors instead.
       void reply.header('Access-Control-Allow-Origin', HOME_LOCATION);
-      logger.debug(`Received request from disallowed origin: ${origin}`);
+
+      if (!req.url?.startsWith('/status/')) {
+        logger.info(`Received request from disallowed origin: ${origin}`);
+      }
     }
 
     void reply