Hi,If a server is returning (Access-Control-Allow-Origin: *) without setting the Origin header in HTTP request then can we say that server is not implementing CORS properly?
With the help of http://web-sniffer.net/, I randomly checked sites (home pages only) for CORS and nearly 200 sites are returning (Access-Control-Allow-Origin: *).
Cheers, ashar
