Too Long; Didn't Read
A CORS-safelisted response header is an HTTP header which has been safelisted so that it will not be filtered when responses are processed by CORS. By default, the safelist includes the following response headers.Extending the saflist can extend the list of headers by using the "Access-Control-Expose-Headers" header: X-Custom-header, Content-Length. Additionally, you can add the "X-Custom Header" header to the list.