Suneel,
Good afternoon. The CORS assertion will set the Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Headers, and Access-Control-Max-Age headers when the Option HTTP method is used along with specified values in each of the tabs of the assertion during the pre-flight test.
As for the variable prefix, it is used to create a prefix to the following context variables that can be used in additional policy logic.
<prefix>.isPreflight
Returns "true" if the request is a preflight request, otherwise returns "false".
<prefix>.isCORS
Returns "true" if the request is a CORS request (contains the Origin header), otherwise returns "false".
Note: This variable always returns "true" if <prefix>.isPreflight is "true".
Sincerely,
Stephen Hughes
Director, CA Support