The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.
- Indicates whether the response can be shared.
- Indicates whether or not the response to the request can be exposed when the credentials flag is true.
- Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
- Specifies the method or methods allowed when accessing the resource in response to a preflight request.
- Indicates which headers can be exposed as part of the response by listing their names.
- Indicates how long the results of a preflight request can be cached.
- Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
- Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
- Indicates where a fetch originates from.