2.1.10 Section 7.1.1, Handling a Response to a Cross-Origin Request


The specification states:

 User agents must filter out all response headers other than those that are a simple response header or of which the field name is an ASCII case-insensitive match for one of the values of the Access-Control-Expose-Headers headers (if any), before exposing response headers to APIs defined in CORS API specifications.
 Note: The getResponseHeader() method of XMLHttpRequest will therefore not expose any header not indicated above.

IE8 Mode, IE9 Mode, and IE10 Mode (All Versions)

Not supported.