/*
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Max-Age: 86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: document-domain=(), camera=(), microphone=(), geolocation=()
X-Frame-Options: ALLOW-FROM *
Content-Security-Policy: frame-ancestors *;