It’s as easy as editing the web.config file with the below: <?xml version= »1.0″ encoding= »UTF-8″?> <configuration> <system.webServer> <httpProtocol> <customHeaders> <add name= »Access-Control-Allow-Origin » value= »https://my.site.com » /> <add name= »Access-Control-Allow-Headers » value= »Authorization,Accept,Content-Type,X-Requested-With » /> <add name= »Access-Control-Allow-Credentials » value= »true » /> </customHeaders> </httpProtocol> </system.webServer> </configuration>