Thank You Bjorn Bjorn_Gluck
There are 3 options we have here.
A]. If this is a static value for all User (i.e. remain same for all user) then we could configure a STATIC Response Attribute with Header Name as "Access-Control-Allow-Origin" and value as "https://***.***.com".
B]. If it is a field that is populated somehow in the UserDirectory, then we could use a USER Response Attribute with Header Name as "Access-Control-Allow-Origin" and value as the "AttributeName in UserDirectory" which store this value.
C]. If we would like to generate this on the fly, then we'd need to write a Custom AGP.
Regards
Hubert