CORS hidden headers?

I was working on implementing spring security with hmac in my angular app when I noticed something that seems weird. Could someone explain why I don’t get “X-HMAC-CSRF”,”X-Secret”,”WWW-Authenticate”…