Specifies which headers are allowed in a pre-flight OPTIONS request through the
Access-Control-Request-Headers header.

Each header name specified in the Access-Control-Request-Headers must have a corresponding
entry in the rule. Only the headers that were requested will be sent back.
This element can contain at most one * wildcard character.