Your question is somewhat unclear,
> do you want to set the cors origin header for your browser client? - it is not possible, browsers wont let you do that
> do you want to verify filetype and set the 'Access-Control-Allow-Origin' response header in Apigee? - it is possible, you can access the request headers, params within apigee using predefined variables like [request.queryparam.. , request.header..] or using Extract Variables and you could use either Javascript or conditions to evaluate the filetypes and set the response headers accordingly
How to implement CORS has been discussed several times in the community,
https://community.apigee.com/search.html?f=&type=q...
you would find some samples on how to do it,
Thanks,
Mukundha