Access-Control-Expose-Headers response header allows a server to indicate which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
Only the CORS-safelisted response headers are exposed by default. For clients to be able to access other headers, the server must list them using the
|Header type||Response header|
|Forbidden header name||no|