+ # Always set Access-Control-Allow-Origin so that simple CORS requests
+ # will always work and can be cached
+ Header set Access-Control-Allow-Origin "*"
+
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+