S3 answer me the Access-Control-Allow-Originheading only if you send him Originand Access-Control-Request-Method. Is there a way that S3 will respond Access-Control-Allow-Originby default without any special headers?
Access-Control-Allow-Origin
Origin
Access-Control-Request-Method
According to the W3C CORS specification, CORS response headers should only be included if the request contains a header Origin.
S3 follows this specification, so it's impossible to get it to always send CORS response headers.