diff --git a/src/main/java/com/browserstack/automate/ci/jenkins/observability/AccessControlsFilter.java b/src/main/java/com/browserstack/automate/ci/jenkins/observability/AccessControlsFilter.java
index 52d2055a..5f0b01f9 100644
--- a/src/main/java/com/browserstack/automate/ci/jenkins/observability/AccessControlsFilter.java
+++ b/src/main/java/com/browserstack/automate/ci/jenkins/observability/AccessControlsFilter.java
@@ -23,9 +23,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.ObjectStreamException;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
+import java.util.*;
 import java.util.logging.Logger;
 
 /**
@@ -65,12 +63,23 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 HttpServletRequest req = (HttpServletRequest) request;
 HttpServletResponse resp = (HttpServletResponse) response;
 
- resp.addHeader("Access-Control-Allow-Credentials", "true");
- resp.addHeader("Access-Control-Allow-Origin", "https://observability.browserstack.com");
- resp.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
- resp.addHeader("Access-Control-Allow-Headers", "*");
- resp.addHeader("Access-Control-Expose-Headers", "*");
- resp.addHeader("Access-Control-Max-Age", "999");
+ Set allowedOrigins = new HashSet(Arrays.asList(
+ "https://observability.browserstack.com",
+ "https://automation.browserstack.com",
+ "https://automate.browserstack.com",
+ "https://app-automate.browserstack.com",
+ "https://test-management.browserstack.com"
+ ));
+
+ String origin = req.getHeader("Origin");
+ if (origin != null && allowedOrigins.contains(origin)) {
+ resp.addHeader("Access-Control-Allow-Credentials", "true");
+ resp.addHeader("Access-Control-Allow-Origin", origin);
+ resp.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
+ resp.addHeader("Access-Control-Allow-Headers", "*");
+ resp.addHeader("Access-Control-Expose-Headers", "*");
+ resp.addHeader("Access-Control-Max-Age", "999");
+ }
 
 if (req.getMethod().equals(PREFLIGHT_REQUEST)) {
 resp.setStatus(200);
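Review bot: The origin allow-list at `Set allowedOrigins = new HashSet(Arrays.asList(` is a raw-typed set rebuilt on every request; declare it once as `private static final Set<String> ALLOWED_ORIGINS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)));` (the field would sit outside this hunk) and keep the exact-match `contains(origin)` check, which is the right comparison for an origin allow-list. Because `Access-Control-Allow-Origin` now echoes the request's `Origin`, the same `if` block should also emit `resp.addHeader("Vary", "Origin");` so a shared cache cannot serve one origin's allow header to a different origin. Note too that when `Access-Control-Allow-Credentials` is `true`, browsers treat `*` in `Access-Control-Allow-Headers` and `Access-Control-Expose-Headers` as a literal header name rather than a wildcard, so custom request headers may still fail preflight; listing the headers actually needed is more reliable. The `import java.util.*;` introduced in the first hunk replaces explicit imports with a wildcard, which the project's previous style avoided. doFilter continues past the end of this hunk.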