Enabling CORS in Apache local dev site

I’m having an issue with content from a plugin being blocked due to CORS.

I’ve tried adding a header to both the conf file & the site root htaccess, but tzhese just cause server issues. I’ve also tried installing mod_headers via a2enmod but this also fails.

How can I get CORS / headers working for an apache site?