Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.
If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.
(string|false) Returns the origin URL if headers are sent. Returns false if headers are not sent.