== Ask Yourself Whether

* You don't trust the origin specified, example:  ``++Access-Control-Allow-Origin: untrustedwebsite.com++``.
* Access control policy is entirely disabled: ``++Access-Control-Allow-Origin: *++`` 
* Your access control policy is dynamically defined by a user-controlled input like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin[``++origin++``] header.

There is a risk if you answered yes to any of those questions.