The option is aimed to protect content from using at third-party sites or in third-party applications by adding the Access-Control-Allow-Origin header only to the allowed domains. An example case is the control protection in players on third-party sites.
When a request is received, the CDN matches the Origin header value and the domains that are specified for the HTTP-Access-Control-Allow-Origin option. If the Origin header value matches one of the specified domains, the CDN adds the Access-Control-Allow-Origin header to the response with the requested domain. If the Origin header value does not match specified domains, the Access-Control-Allow-Origin header is not added. If the header with correct value is present in the response, a customer's browser gives the content.
CDN Resource
Go to Advanced Settings, the Security section. Select the HTTP-header Access-Control-Allow-Origin option.
You can add a header to all requests or just to requests from specified domains. To specify domains, select Add to the specified domains, enter domains allowed to access content. You can enter up to 20 domains.
All the files delivered by CDN will contain Access-Control-Allow-Origin Header.
Rules
Configure Access-Control-Allow-Origin Header only for certain files via Rules.
Go to Advanced Settings, the Security section. Select the HTTP-header Access-Control-Allow-Origin option.
If the option is not added to the list, CDN uses the Resource settings for the HTTP-header Access-Control-Allow-Origin option.
If you add an option to the list but do not enable it, the Access-Control-Allow-Origin header will not be added.
When you enable the option, you can add a header to all requests or just to requests from specified domains. To specify domains, select Add to the specified domains, enter domains allowed to access content. You can enter up to 5 domains.