Useful HTTP Response Headers for IIS and ArcGIS JavaScript Web Applications
This is in addition to a question I answered on Stack Overflow where someone had asked how to turn off IE compatibility mode (hint: set “X-UA-Compatible” to “IE=edge”).
These additional response headers are useful in making ArcGIS Server REST endpoints accessible across sites without adding XSS vulnerability.
| Access-Control-Allow-Credentials | true |
|---|---|
| Access-Control-Allow-Headers | Origin,X-Requested-With,Content-Type,Accept |
| Access-Control-Allow-Methods | GET,PUT,POST,DELETE,OPTIONS,PATCH,TRACE |
| Access-Control-Allow-Origin | * |
| X-UA-Compatible | IE=edge |
Erik's Rambling Again! 