By Default a CORS XHR request has the following headers available for inspection in a response:
http://www.w3.org/TR/cors/#simple-response-header
Any other header (like X-headers or cookie for example) is not accessible for a XHR request. For it to available you need the site you are requesting to explicitly set the header Access-Control-Expose-Headers and give it specific ‘case-insensitive’ headers.
For example if you want the content length to determine the size the following should be set
Access-Control-Expose-Headers: content-length
Now, I was curious to see what are the most common such values across the HTTP
select count(requestid) as ct, REGEXP_EXTRACT(LOWER(respOtherHeaders),r’access-control-expose-headers = ([\w-]+)') ac,
FROM [httparchive:runs.latest_requests]
group by ac
having ac is NOT NULL
order by ct desc;
The following was the response which shows people are most interested in Data, LastModified and some specific ids