Add headers to response

[rushglen]

I'd like to change the origin header specifically to restrict to my domain. I see in the response: Access-Control-Allow-Origin: * Which means anyone can connect.

It would also be great if we could read the request headers for session cookies etc.

I am successfully deployed using nodejs with no additional frameworks like express etc

Everything is working fine, I'd just like to improve the security, any way to add/read headers?