Master user can configure security settings via Setting / Security from the left sidebar:
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
To add the allowed domains master users needs to write the domains in the texts box (the domains are added by clicking the suggested domains) and click
After saving the domains, they will appear in the box and it is possible to delete the domains individually:
Credentials show information for production and sandbox (testing) environments for integration with the 3rd party systems: