It’s as easy as editing the web.config file with the below:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://my.site.com" />
<add name="Access-Control-Allow-Headers" value="Authorization,Accept,Content-Type,X-Requested-With" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>