Description - Currently there isn't an ability to configure CORS for tracking servers. Especially in the case of setting up first-party tracking, it would be great if more restrictive origin traffic could be specified.
Why is this feature important to you - It could cut down bot/undesired tracking and it would flag fewer exceptions when probing a site for CORS compliance.
How would you like the feature to work - During the process of engaging in discussions of first-party tracking and using first-party cookies, it would be ideal to provide both the necessary CNAMEs to reference the tracking servers as well as any additional configuration changes that would be needed on the client side. Ideally, we could limit origin to the specific site we expect to send data from, and maybe a less restrictive, non-public endpoint that can be used for any server-side API data insertions.
Current Behaviour - Right now the following header is allowed "Origin: null". Every endpoint, including those that that are specifically set up for first-party tracking can recieve requests from any origin.