1. headers http header: access-control-allow-credentials

2. headers http header: access-control-allow-headers

3. headers http header: access-control-allow-headers: `authorization` header is not covered by wildcard

4. headers http header: access-control-allow-headers: wildcard (`*`)

5. headers http header: access-control-allow-methods

6. headers http header: access-control-allow-methods: wildcard (`*`)