Currently Pipedream internal systems handle all HTTP OPTIONS requests, so those don’t get forwarded to workflows like other HTTP requests, where you’d have control over the HTTP response headers.
We’re tracking a feature request to allow you to modify the Access-Control-Allow-Origin header here. Please follow that ticket for updates and upvote it if you’d like to see this implemented. We’d also love to hear your specific use cases for modifying this header in the comments!