CORS is a security mechanism or policy to control asynchronous HTTP requests that can be made from a browser to a server with a different domain from the originally loaded page. Such requests are called cross-origin requests.
By default, browsers allow linking to documents located in all types of domains if they are made from HTML or Javascript using the DOM API. However, this is not the case when it comes to HTTP cross-origin requests via Javascript (AJAX), either through XMLHttpRequest, Fetch API or similar libraries for the same purpose.
Using these type of asynchronous requests, resources located in domains other than the current page are disallowed by default. This is often referred to as CORS protection. Its purpose is to make it difficult to add foreign resources to a given site.