Using Server Manager, in IIS, you can navigate to the site and under the HTTP Response Headers you can choose ADD, then title Access-Control-Allow-Origin and value is the IP or domain of the site you want to allow. Could always choose * for everyone.
While you can do it in your code, Server side is probably the best option.