######################
## Handling Options for the CORS
     RewriteCond %{REQUEST_METHOD} OPTIONS
     RewriteRule ^(.*)$ $1 [L,R=204]

###################
## Add custom headers

    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
       # Always set these headers for CORS.
    Header always set Access-Control-Max-Age 1728000
    Header always set Access-Control-Allow-Origin: "http://musique.laei.org"
    Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
    Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
    Header always set Access-Control-Allow-Credentials true