CORS - Cross Origin Request Sharing / Same origin policy

When an HTTP request is made the request includes an Origin header that indicates the domain of the client code

The server will consider the requests Origin and either allow or disallow the request

If the server allows the request then it will respond with the requested resource and an Access-Control-Allow-Origin header in the response

If the Access-Control-Allow-Origin header matches the Origin header then the browser will allow the request