[1] [CITE@en-US[Cross-Origin Resource Sharing]]
([TIME[2012-03-03 06:35:19 +09:00]] 版)
<http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#access-control-allow-headers-response-header>

[2] [CITE@en-US[Fetch Standard]]
([TIME[2014-11-25 23:43:08 +09:00]] 版)
<https://fetch.spec.whatwg.org/#http-access-control-allow-headers>

[3] ([TIME[2011-07-16 05:29:36 +09:00]] 版)
<http://www.iana.org/assignments/message-headers/prov/access-control-allow-credentials>

[4] [CITE@en[Allow more wildcards in CORS when used without credentials]]
([[annevk]]著, [TIME[2016-05-24 18:42:09 +09:00]])
<https://github.com/whatwg/fetch/commit/cdbb13c08650b10c9ebfc54d046bec0639e7ba7c>

[5] [CITE@en[Adjust CORS wildcard handling slightly]]
([[annevk]]著, [TIME[2017-09-07 17:48:36 +09:00]])
<https://github.com/whatwg/fetch/commit/358dbf5296d91bb791d864b677b367bb11b3bf37>


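[6] Example response that lists header names explicitly. Per [4], the "*" wildcard in these headers is honored only for requests made without credentials, so a credentialed request needs an explicit list such as this one.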
[PRE(code example http)[
Access-Control-Allow-Headers: origin,range,hdntl,hdnts
Access-Control-Expose-Headers: Server,range,hdntl,hdnts
]PRE]