This guide helps you set up the header "Access-Control-Allow-Origin", an HTTP header that specifies which origin (domain, protocol, and port) can access resources on a server. This header is used to control cross-origin (CORS) access from a web application.

List of authorized domains

You can add the origin of a request to the list of authorized domains to access the server's resources by adding it to the values of the header Access-Control-Allow-Origin.

To authorize, for example, the site https://domain.xyz to access resources with CORS, the header must be as follows:

Access-Control-Allow-Origin: https://domain.xyz

You can set this via the header() function from PHP by referring to this guide in particular.

If you need this header to be applied everywhere, you can use an auto-prepend.