diff --git a/monitoring/mtls-bridge/app.py b/monitoring/mtls-bridge/app.py
index 6edc592..3cd33a9 100644
--- a/monitoring/mtls-bridge/app.py
+++ b/monitoring/mtls-bridge/app.py
@@ -64,6 +64,44 @@ logger.info(
 )
 
 
+def get_verify_setting():
+    if not UPSTREAM_CA_CERT:
+        return True
+
+    lowered = UPSTREAM_CA_CERT.lower()
+    if lowered in {"false", "0", "no"}:
+        logger.warning("TLS verification for upstream is disabled via UPSTREAM_CA_CERT=%s", UPSTREAM_CA_CERT)
+        return False
+
+    if not os.path.exists(UPSTREAM_CA_CERT):
+        logger.warning(
+            "Configured UPSTREAM_CA_CERT path does not exist: %s (falling back to system CA bundle)",
+            UPSTREAM_CA_CERT,
+        )
+        return True
+
+    return UPSTREAM_CA_CERT
+
+
+VERIFY_SETTING = get_verify_setting()
+
+logger.info(
+    "mtls-bridge starting target_url=%s timeout=%ss cert=%s key=%s verify=%s log_level=%s",
+    TARGET_URL,
+    TIMEOUT,
+    CLIENT_CERT,
+    CLIENT_KEY,
+    VERIFY_SETTING,
+    os.environ.get("LOG_LEVEL", "INFO"),
+)
+
+if TARGET_URL and TARGET_URL.lower().startswith("http://"):
+    logger.warning(
+        "TARGET_URL uses http://; upstream may redirect to https:// and change request behavior: %s",
+        TARGET_URL,
+    )
+
+
 @app.route("/health", methods=["GET"])
 def health():
     logger.debug("healthcheck request from %s", request.remote_addr)
@@ -89,8 +127,17 @@ def after_request(response):
     return response
 
 
-@app.route("/", defaults={"path": ""}, methods=["GET", "POST", "PUT", "DELETE", "PATCH"])
-@app.route("/<path:path>", methods=["GET", "POST", "PUT", "DELETE", "PATCH"])
+@app.route(
+    "/",
+    defaults={"path": ""},
+    methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"],
+    provide_automatic_options=False,
+)
+@app.route(
+    "/<path:path>",
+    methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"],
+    provide_automatic_options=False,
+)
 def proxy(path):
     request_path = f"/{path}" if path else "/"
     request_size = len(request.get_data(cache=True))