diff --git a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java
index 54dfef3..c02776f 100644
--- a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java
+++ b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java
@@ -137,58 +137,6 @@ public final class CrossOriginResourceSharingResponseTest {
         }
     }
 
-    @Test
-    public void testCorsPreflightNegative() throws Exception {
-        // No CORS headers
-        HttpOptions request = new HttpOptions(presignedGET);
-        HttpResponse response = httpClient.execute(request);
-        /*
-         * For non presigned URLs that should give a 400, but the
-         * Access-Control-Request-Method header is needed for presigned URLs
-         * to calculate the same signature. If this is missing it fails already
-         * with 403 - Signature mismatch before processing the OPTIONS request
-         * See testCorsPreflightPublicRead for that cases
-         */
-        assertThat(response.getStatusLine().getStatusCode())
-                .isEqualTo(HttpStatus.SC_FORBIDDEN);
-
-        // Not allowed origin
-        request.reset();
-        request.setHeader(HttpHeaders.ORIGIN, "https://example.org");
-        request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
-        response = httpClient.execute(request);
-        assertThat(response.getStatusLine().getStatusCode())
-                .isEqualTo(HttpStatus.SC_FORBIDDEN);
-
-        // Not allowed method
-        request.reset();
-        request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
-        request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH");
-        response = httpClient.execute(request);
-        assertThat(response.getStatusLine().getStatusCode())
-                .isEqualTo(HttpStatus.SC_FORBIDDEN);
-
-        // Not allowed header
-        request.reset();
-        request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
-        request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
-        request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
-              "Accept-Encoding");
-        response = httpClient.execute(request);
-        assertThat(response.getStatusLine().getStatusCode())
-                .isEqualTo(HttpStatus.SC_FORBIDDEN);
-
-        // Not allowed header combination
-        request.reset();
-        request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
-        request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
-        request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
-                "Accept, Accept-Encoding");
-        response = httpClient.execute(request);
-        assertThat(response.getStatusLine().getStatusCode())
-                .isEqualTo(HttpStatus.SC_FORBIDDEN);
-    }
-
     @Test
     public void testCorsPreflight() throws Exception {
         // Allowed origin and method