I\'ve noticed that the results of and XMLHttpRequest.getResponseHeader() don\'t always match the real headers returned (if the request is made in a regular mann
XMLHttpRequest.getResponseHeader()
It's the Access-Control-Allow-Origin header and the way it allows to prevent which headers are exposed to the browser. Docs at mozilla.
Access-Control-Allow-Origin