Matomo is an analytics platform that collects data (Tracking API) and reports (Analytics API) this data in interesting formats. Sometimes you want to query this data from across other domains for example using cross-domain Ajax calls (XMLHttpRequest).

By default browsers implement the same-origin policy which prevents browsers from directly requesting data from other domains. Luckily, modern web browsers allow developers to perform cross-domain requests with one trick: the server must allow cross-domain requests by responding to the request with the Access-Control-Allow-Origin header set to a value that includes the domain of the requesting code (or * to match all domains).

You can set your domain names for CORS in the Matomo GUI, the feature can be found in Administration > System > General settings

cors

Alternatively you can set the domains in the config.ini.php file. To allow your Matomo to serve data to all domains add the following to your config file:

[General]
cors_domains[] = *

To allow Matomo to serve cross-domain requests to only example.com and dashboard.example.com

[General]
cors_domains[] = "http://example.com"
cors_domains[] = "http://dashboard.example.com"

Reference: Cross-origin resource sharing.