New HTTP Header: access-control-allow-origin

We have added a new HTTP header to our API responses:

access-control-allow-origin: *

This header will allow you to call our service from any domain. We had this header in place for JSON requests but it is available for all types of requests.

You can read more about Access Control Allow Origin at HTTP access control (CORS).


HTTP response headers for successful requests (status code 200):

HTTP/1.1 200 OK
Content-Type: image/jpeg
Etag: d16c7a75b11ea555016afb2b3655cb870b32df4c
access-control-allow-origin: *
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=15768000

HTTP response headers for cached requests (status code 304):

HTTP/1.1 304 Not Modified
access-control-allow-origin: *
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=15768000

HTTP response headers for errors (status code 400):

HTTP/1.1 400 Bad Request
Content-Type: image/png
rethumb-error-message: Square must be numeric. (#701)