We have a client that requires at least some of the following for Access-Control-Allow-Headers:

Access-Control-Allow-Headers: origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept

But when Cors is enabled, splunk HEC returns:

Access-Control-Allow-Headers:Authorization

Is there a way to modify what CORS returns?