What Is CORS

CORS is a browser security rule that controls which websites can request data from your server. Plain-English definition for business owners.

Definition

CORS (Cross-Origin Resource Sharing) is a security mechanism built into web browsers that controls whether a web page on one domain can request data from a server on a different domain. By default, browsers block these cross-origin requests to prevent malicious websites from secretly pulling data from services you are logged into. CORS lets server owners explicitly declare which other domains are allowed to make requests, creating a controlled exception to that default block.

Why It Matters

If your business runs a website that pulls data from a separate API or service — for example, a frontend hosted on one domain loading product data from an API on another — CORS is what makes that possible. Without the correct CORS configuration, the browser will silently block those requests and your site will appear broken. It is one of the most common issues developers encounter when connecting frontends to backends, and understanding the concept helps you have more productive conversations with your development team when integration problems arise. Misconfigured CORS can also create security gaps by allowing domains that should not have access.

Example

Your company website is hosted at www.yourcompany.com, and it fetches live pricing data from an API at api.yourcompany.com. When a visitor loads your pricing page, their browser checks whether api.yourcompany.com allows requests from www.yourcompany.com. If your API is configured with the correct CORS headers, the browser permits the request and the pricing data loads. If the headers are missing or wrong, the browser blocks the request and visitors see a blank pricing section — even though the API itself is working perfectly.
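
The browser check in this example, and the misconfiguration mentioned under Why It Matters, shown as an added JavaScript sketch that is not part of the original page. The function names, the `https://` scheme and the two non-company sample origins are assumptions, and the browser side is simplified (no preflight handling).

```javascript
// Added example. Helper names are hypothetical; hostnames follow the page's sample.
const ALLOWED_ORIGINS = new Set(["https://www.yourcompany.com"]);

// Server side, corrected form: exact-match lookup against an allowlist.
function strictCorsHeaders(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // no CORS headers: the browser will not expose the response
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
}

// Server side, weak form: echoes back whatever Origin the caller sent.
function reflectingCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Browser side (simplified): may the page's script read the response?
function browserExposesResponse(pageOrigin, headers, withCredentials = false) {
  const allow = headers["Access-Control-Allow-Origin"];
  if (allow === undefined) return false;
  if (withCredentials) {
    // With cookies attached, "*" is rejected and the origin must match exactly.
    return allow === pageOrigin &&
      headers["Access-Control-Allow-Credentials"] === "true";
  }
  return allow === "*" || allow === pageOrigin;
}

// Runs one page origin through a server policy and the browser check.
function check(serverPolicy, pageOrigin, withCredentials = false) {
  const headers = serverPolicy(pageOrigin);
  return browserExposesResponse(pageOrigin, headers, withCredentials);
}

// Constructed sample origins: the real site, a look-alike, an unrelated site.
const samples = ["https://www.yourcompany.com",
  "https://www.yourcompany.com.example.net", "https://unrelated.example"];
for (const origin of samples) {
  console.log(origin, "| strict:", check(strictCorsHeaders, origin),
    "| reflecting:", check(reflectingCorsHeaders, origin, true));
}
```

The strict policy admits only the listed site, while the reflecting policy admits every origin, including logged-in (credentialed) requests, which is the kind of security gap a misconfigured CORS setup creates.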
