比如说在nginx中配置 Allow-Methods和 Allow-Headers ，怎么知道网站支持哪些？

add_header Access-Control-Allow-Methods 'GET,POST';
add_header Access-Control-Allow-Headers '*';
add_header Access-Control-Allow-Credentials 'true';

# JD 可以看到 运行所有（ Access-Control-Allow-Origin: *）

curl -I -XGET www.jd.com
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 07 Jan 2021 08:09:52 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://www.jd.com/
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Trace: 302-1610006992561-0-0-0-0-0
Strict-Transport-Security: max-age=360

#淘宝没显示

curl -I -XPUT www.taobao.com

HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Thu, 07 Jan 2021 08:11:31 GMT
Content-Type: text/html
Content-Length: 278
Connection: keep-alive
Location: https://www.taobao.com/
Via: cache10.cn2434[,0]
Timing-Allow-Origin: *
EagleId: 700f049e16100070914034934e

#  QQ也没显示

curl -I -XGET www.qq.com
HTTP/1.1 302 Moved Temporarily
Server: ias/1.3.5_1.17.3
Date: Thu, 07 Jan 2021 08:11:58 GMT
Content-Type: text/html
Content-Length: 149
Connection: keep-alive
Location: https://www.qq.com/

curl -I -XDELETE www.qq.com

HTTP/1.1 302 Moved Temporarily
Server: ias/1.3.5_1.17.3
Date: Thu, 07 Jan 2021 08:12:10 GMT
Content-Type: text/html
Content-Length: 149
Connection: keep-alive
Location: https://www.qq.com/