Requests made by http://a.com/latest
|**http:**//a.com/users.json||Blocked||Different Schema and Port|
Please note images and iframes are always allowed.
CORS headers start with “Access-Control”
Describes which origin can access the response. It's the most improtant, because it's the whitelist of what origins can access resources at this host.
[[ *, an origin, or “null” ]] is open for that request's host.
Indicates if the request can include credentials ← !!!!
Instructs the browser to cache the CORS configuration for X seconds.
Standard GET, HEAD, and POST requests don't require preflight requests.
Other request methods, requests with custom HTTP headers, or POST requests with non-standard content-types will require a preflight request.
Using the HTTP method OPTIONS for a request lets you know what methods are accepted.