I would like to show to my users that they are using the Strava API with limit (100 request per 15 minutes, etc.)
The Strava API has HTTP response header for that :
okay, I figured this out. Has to be done on the server side. For security the browser respects cors, makes sense to not expose headers. On a server-side request, you can ignore the directive and get to the headers. I created a endpoint on my server to hit the strava api, then pointed my front end js to my own endpoint. same site doesn't have the cors issue but I just passed them along in the payload rather then adding them to my headers. hopefully that makes sense and helps someone.