HTTP 200 OK
Access-Control: allow <*>, deny <*>