HTTP 200 OK
Access-Control: allow <localhost:8888> exclude <localhost.bar> <bar.localhost>, deny <*> exclude <localhost:8888>