HTTP 200 OK
Content-Access-Control: allow <*>, deny <*>