Appendix A. CORS reference

Clients and servers using CORS “talk” to each other through request and response headers. This appendix documents headers and other terms used when making CORS requests. It’s based on the latest version of the CORS spec at the time of writing (W3C Recommendation, January 16, 2014, which can be found at

A.1. HTTP headers

This section documents HTTP headers used by CORS. Headers can be categorized in different ways: they can either be present on the request from the browser, or on the response from the server; or they can be present on the preflight request, the actual request, or both (although it doesn’t hurt if preflight request headers are also on the actual request).

Get CORS in Action: Creating and consuming cross-origin APIs now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.