Secure an API with Access-Control-Allow-Headers by Kristian Freeman