I have to test using postman that non white listed domain can’t access rest api. I am new to CORS- I have following questions-

1. When I send say POST request from postman, what will be origin header value? 2. To test that non whitelisted domain can not access rest api, do I have to set origin header as white listed domain and then post request and check the headers in response? Please advice. Thanks