CORS не работает php

Я пытаюсь отправить данные формы с сайта www.siteone.com на www.sitetwo.com через CORS. Мой код ajax:

<script> $(document).ready(function(){ $("#submit").live('click',function() { var url = "http://www.sitetwo.com/cors.php"; var data = $('#form').serialize(); jQuery.ajax({ url : url, type: "POST", data : $('#form').serialize(), }).done(function(response){ alert(response); }).fail(function(error){ console.log(error.statusText); }); return false; }); }); </script> 

и файл cors.php на www.sitetwo.com выглядит следующим образом:

 <?php header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: POST, GET, OPTIONS'); echo "hai"; ?> 

Но все же возникает ошибка Access-control-Allow-Origin. Произошла ошибка:

 XMLHttpRequest cannot load http://www.sitetwo.com/cors.php. Origin http://www.siteone.com is not allowed by Access-Control-Allow-Origin. 

Я узнал, что, используя CORS, просто разрешив удаленный веб-сайт через заголовки, мы можем использовать кросс-доменный запрос. Но когда я так пробовал, возникает ошибка. Я пропустил что-нибудь здесь? Вот мои заголовки запросов / ответов:

 Response Headers Connection Keep-Alive Content-Length 487 Content-Type text/html; charset=iso-8859-1 Date Fri, 23 Aug 2013 05:53:20 GMT Keep-Alive timeout=15, max=99 Server Apache/2.2.15 (CentOS) WWW-Authenticate Basic realm="Site two Server - Restricted Area" Request Headers Accept */* Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Content-Length 43 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Host www.sitetwo.com Origin http://www.siteone.com Referer http://www.siteone.com/index.html User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 Подключение Keep-Alive Response Headers Connection Keep-Alive Content-Length 487 Content-Type text/html; charset=iso-8859-1 Date Fri, 23 Aug 2013 05:53:20 GMT Keep-Alive timeout=15, max=99 Server Apache/2.2.15 (CentOS) WWW-Authenticate Basic realm="Site two Server - Restricted Area" Request Headers Accept */* Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Content-Length 43 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Host www.sitetwo.com Origin http://www.siteone.com Referer http://www.siteone.com/index.html User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 Accept-Encoding gzip, deflate Response Headers Connection Keep-Alive Content-Length 487 Content-Type text/html; charset=iso-8859-1 Date Fri, 23 Aug 2013 05:53:20 GMT Keep-Alive timeout=15, max=99 Server Apache/2.2.15 (CentOS) WWW-Authenticate Basic realm="Site two Server - Restricted Area" Request Headers Accept */* Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Content-Length 43 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Host www.sitetwo.com Origin http://www.siteone.com Referer http://www.siteone.com/index.html User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 

 <?php header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: POST, GET, OPTIONS'); ?> 

  <?php // Allow from any origin if (isset($_SERVER['HTTP_ORIGIN'])) { header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); header('Access-Control-Allow-Credentials: true'); header('Access-Control-Max-Age: 86400'); // cache for 1 day } // Access-Control headers are received during OPTIONS requests if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"); exit(0); } echo "You have CORS!"; ?>