My use case is to allow content authors to write help pages in WordPress.
This content is fetched and embedded into a single page application hosted on another domain.
AJAX requests to this site from another are typically disallowed by the browser’s security model.
To permit legitimate uses the requesting browser may include an Origin header containing its domain.
This plugin uses the Origin header to decide whether to allow the request or not.
Allowed domains can be specified in the plugin’s Settings page.