PHP Cors múltiples encabezados

// enter the origins you want allowed for cors to work
$_SESSION['allowed_origins'] = array('*', "site1.com", "site2.com");

// use this function to cycle through the list and enter these dynamically
function setAllowedHeadersAPI($array) {
    foreach ($_SESSION['allowed_origins'] as $origin) {
        header("Access-Control-Allow-Origin: $origin");
        header("Access-Control-Allow-Headers: $origin");
    }
}

// call function and pass the array through it
setAllowedHeadersAPI($_SESSION['allowed_origins']);
Codelerk