Our API supports sending along a Request-Id header, and this will be traced through on our side for logging and whatnot.

A simple UUID or something unique would be sufficient.

Note that this header should already be allowed by our CORS, but a manual verification would be nice.