AccessControlAllowOrigin

The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.

For requests without credentials, the literal value "*" can be specified as a wildcard; the value tells browsers to allow requesting code from any origin to access the resource. Attempting to use the wildcard with credentials results in an error.

Specifies an origin. Only a single origin can be specified. If the server supports clients from multiple origins, it must return the origin for the specific client making the request.

null Specifies the origin "null".