CORS enables the browser to manage cross-domain content by either allowing or denying it based on the configured security settings.
HTTP Request Headers
When one domain requests a resource on another domain, request headers are added to the request sent from the first domain so that cross-origin resource sharing can be applied. The following HTTP request headers may be associated with the requesting domain.
- Origin
- Access-Control-Request-Method
- Access-Control-Request-Headers
HTTP Response Headers
The domain whose resources are being requested can respond to the first domain with the following HTTP response headers, depending on which configuration options are set.
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Expose-Headers
- Access-Control-Max-Age
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
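The exchange described above, written as a server-side decision function. This is an added example, not code from the original page. The `policy` object, the `corsHeaders` name and the `example.com` origin are assumptions made for illustration, and the `Vary` header is included even though it is not in the list above.

```javascript
// Constructed sample policy: exact-match origin allowlist (hypothetical values).
const policy = {
  origins: new Set(["https://app.example.com"]),
  methods: ["GET", "POST"],
  headers: ["content-type", "x-request-id"],
  expose: ["X-Request-Id"],
  credentials: true,
  maxAge: 600,
};

// Returns the CORS response headers for one request, or {} when the
// request must not be granted cross-origin access.
function corsHeaders(policy, method, reqHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = Object.fromEntries(
    Object.entries(reqHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const origin = h["origin"];
  // Exact match only: no reflecting arbitrary origins, no substring or
  // suffix checks, and no "*" because this policy allows credentials.
  if (!origin || !policy.origins.has(origin)) return {};

  // Vary: Origin keeps shared caches from serving one origin's answer to another.
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const wantMethod = h["access-control-request-method"];
  if (method === "OPTIONS" && wantMethod) {
    // Preflight: validate what the browser says it is about to send.
    const wantHeaders = (h["access-control-request-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
    if (!policy.methods.includes(wantMethod) ||
        !wantHeaders.every((x) => policy.headers.includes(x))) return {};
    out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
    out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
    out["Access-Control-Max-Age"] = String(policy.maxAge);
  } else {
    // Actual request: list the response headers scripts may read.
    out["Access-Control-Expose-Headers"] = policy.expose.join(", ");
  }
  return out;
}
```

An empty result means the response carries no CORS headers, so the browser blocks the calling script from reading it.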
You can find more on setting CORS the correct way by visiting this website.