Appendix A. CORS reference
Clients and servers using CORS “talk” to each other through request and response headers. This appendix documents headers and other terms used when making CORS requests. It’s based on the latest version of the CORS spec at the time of writing (W3C Recommendation, January 16, 2014, which can be found at www.w3.org/TR/2014/REC-cors-20140116/).
This section documents HTTP headers used by CORS. Headers can be categorized in different ways: they can either be present on the request from the browser, or on the response from the server; or they can be present on the preflight request, the actual request, or both (although it doesn’t hurt if preflight request headers are also on the actual request).
The browser is responsible for setting the CORS request headers, and these headers can’t be overridden by the client code. Table A.1 documents the headers that may be present on CORS requests.