https://fetch.spec.whatwg.org/#cors-safelisted-request-header
get
head
post
text/plain
multipart/form-data
application/x-www-form-urlencoded
- `
Accept` - `
Accept-Language` - `
Content-Language` - `
Content-Type` and whose value, once extracted, has a MIME type (ignoring parameters) that is `application/x-www-form-urlencoded`, `multipart/form-data`, or `text/plain`
- `
DPR` - `
Downlink` - `
Save-Data` - `
Viewport-Width` - `
Width`