One or more response headers that you want customers to be able to access from their applications
(for example, from a JavaScript XMLHttpRequest object).

Each CORSRule must have at least one AllowedOrigin element. The string value can include at
most one '*' wildcard character, for example, http://*.example.com". You can also specify only
"*" to allow cross-origin access for all domains/origins.