Suggestions on CORS in Apache implementation notes

[regisrob]

Since I recently faced the issue with different IIIF providers, I wonder if it would make sense to add a note in the Enabling CORS section to explain that the HTTP Header should also be present on the redirect response. When a manifest or info.json url is redirected to a new one, clients are still broken if the redirect is not itself cors-enabled.

I am not completely sure but I guess this can be solved in Apache by using Header always set ....

It might also be useful to point implementers to https://enable-cors.org, that has recipes for many servers other than Apache.