This guide helps you set up the Access-Control-Allow-Origin header, an HTTP header that specifies which origin (domain, protocol, and port) can access resources on a server. This header is used to control cross-origin (CORS) access from a web application.

List of authorized domains

You can add the origin of a request to the list of authorized domains to access server resources by adding it to the values of the Access-Control-Allow-Origin header.

To authorize, for example, the site https://domain.xyz to access resources with CORS, the header must be as follows:

Access-Control-Allow-Origin: https://domain.xyz

You can set it via the header() function of PHP by referring to this guide in particular.

If you need this header to be applied everywhere, you can use an auto-prepend.