dotCMS currently returns a “Access-Control-Allow-Origin” header with a value of "*".  This means that the default  is to share any public content on this server.  While this is a browser enforced security measure, it can be desirable to prevent other sites from linking to content on your site as if it is their own content.

Status can be tracked here: https://github.com/dotCMS/core/issues/15862

Custom static plugin to override code that sets header value.

https://en.wikipedia.org/wiki/Cross-origin_resource_sharing