Thanks for the note on whitelisted headers. What you said makes sense but it seems the whitelisting is used in a different context here. It's used for accepting headers in the request as opposed to returning headers in the response.
Thanks for the note on whitelisted headers. What you said makes sense but it seems the whitelisting is used in a different context here. It's used for accepting headers in the request as opposed to returning headers in the response.