You are an API developer for a large manufacturing company. You have developed an API resource that adds new products to the distributor`s inventory using a POST HTTP request. It includes an Origin header and accepts application/x-www-form-encoded as request content type. Which response header will allow access to this resource from another origin?

Answer options:

A.Access-Control-Allow-Origin
B.Access-Control-Request-Method
C.Access-Control-Request-Headers
D.All of the above

Answer: A
For simple cross-origin 
POST
 method requests, the response from your resource needs to include the header 
Access-Control-Allow-Origin
, where the value of the header key is set to 
`*`
(any origin) or is set to the origins allowed to access that resource.
When a browser receives a non-simple HTTP request, the CORS protocol requires the browser to send a preflight request to the server and wait for approval (or a request for credentials) from the server before sending the actual request. The preflight request appears to your API as an HTTP request that:
Includes an 
Origin
 header.
Uses the 
OPTIONS
 method.
Includes the following headers:
Access-Control-Request-Method
Access-Control-Request-Headers
Option A is CORRECT as the POST request satisfies the condition for a simple cross-origin request. So allowing the Access-Control-Allow-Origin header will make it so that it can be accessed from other origins.
Option B is incorrect as this option will not allow the resource to be cross-origin. This header is a part of enabling CORS support for a complex HTTP request.
Option C is incorrect as this option will not allow the resource to be cross-origin. This header is a part of enabling CORS support for a complex HTTP request.
Option D is incorrect but is the next closest answer. The question reads which header and not headers.
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html