[1] Cross-Origin Resource Sharing ( (2012-03-03 06:35:19 +09:00 版)) http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#access-control-allow-headers-response-header

[2] Fetch Standard ( (2014-11-25 23:43:08 +09:00 版)) https://fetch.spec.whatwg.org/#http-access-control-allow-headers

[3] ( (2011-07-16 05:29:36 +09:00 版)) http://www.iana.org/assignments/message-headers/prov/access-control-allow-credentials

[4] Allow more wildcards in CORS when used without credentials ( (annevk著, 2016-05-24 18:42:09 +09:00)) https://github.com/whatwg/fetch/commit/cdbb13c08650b10c9ebfc54d046bec0639e7ba7c

[5] Adjust CORS wildcard handling slightly (annevk著, 2017-09-07 17:48:36 +09:00) https://github.com/whatwg/fetch/commit/358dbf5296d91bb791d864b677b367bb11b3bf37

[6]

Access-Control-Allow-Headers: origin,range,hdntl,hdnts
Access-Control-Expose-Headers: Server,range,hdntl,hdnts