Allow access to arduino webserver: invocation issue

A webserver needs to get access to a ESP8266 webserver to collect json formatted data. For security reasons this is not allowed.
the formal way to give access is here: [ Cross-domain Ajax with Cross-Origin Resource Sharing - Human Who Codes

My code:

void writeResponse(WiFiClient& client, JsonObject& json) {
  client.println("HTTP/1.1 200 OK");
  client.println("Content-Type: application/json");
  client.println("Access-Control-Allow-Origin: *"); // Access-Control Origin allows every body to access this server see:https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
  client.println("Connection: close");
  client.println();

  json.prettyPrintTo(client);
}

As a starter I have given "everybody access ("Access-Control-Allow-Origin: *"

The code in my web is as follows:

function callOtherDomain(){
        if(invocation)
        {    
            invocation.open('GET', url, true);
            invocation.onreadystatechange = handler;
            invocation.send(); 
        }
        else
        {
            
            document.getElementById("id4").innerHTML = "no response ";
        }

Is there anybody with experience is this field who could give me advice?
](Cross-domain Ajax with Cross-Origin Resource Sharing - Human Who Codes)

jsonp is an easier way to get around the cross-domain restrictions all modern browsers have. See JSONP - Wikipedia as a starting point followed by https://stackoverflow.com/questions/2067472/what-is-jsonp-all-about for some code.

You will have to modify your ESP8266 code a little to play nicely though - the ESP8266 needs to return valid javascript function rather than JSON. This page seems to have working ESP8266 code to return the correct format: http://www.lucadentella.it/en/2013/08/07/ambientmonitor/