I'd like to change the origin header specifically to restrict to my domain.
I see in the response: Access-Control-Allow-Origin: *
Which means anyone can connect.

It would also be great if we could read the request headers for session cookies etc.

I am successfully deployed using nodejs with no additional frameworks like express etc

Everything is working fine, I'd just like to improve the security, any way to add/read headers?