Allow from all
Header always set Access-Control-Allow-Origin "https://fdsnws.geophysik.ruhr-uni-bochum.de"
Header always append Access-Control-Allow-Origin "https://photon.komoot.de"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"