CORS enables the browser to manage cross-domain content by either allowing or denying it based on the configured security settings.
HTTP Request Headers#
When a domain is requesting to interact with a resource on another domain, request headers are added from the first domain in order to use the cross-origin resource sharing feature. These are the HTTP request headers that may be associated with the requesting domain.
HTTP Response Headers#
The domain who’s resources are being requested can respond to the first domain with the following HTTP response headers based on what configuration options are set.
You can find more on setting CORS the correct way by visiting this website.