CORS (Cross origin policy)
Same Origin Policy
In early web development it was assumed that a website was only going to receive ajax request from the same server that the site was severed from.
Origin : protocol domain url : https://example.com
In the modern web a website makes calls to many different servers for all sorts of resources. For example fonts, styling, images, and api data to name a few. These are cross origin calls.
The solution to enable cross origin requests in a more efficient way was http headers. For example a public server would add a CORS related header to the response and the client would determine if the response from the server was safe.