Adds Cross Origin Request Sharing headers used by modern browsers
to allow XMLHttpRequest to work across domains. This module will
also help protect against CSRF attacks in some browsers.

This module attempts to fully conform to the CORS spec, while
allowing additional flexibility in the values specified for the of
the headers.

The module also ensures that the response contains a Vary: Origin
header to avoid potential issues with caches.