CORS (Cross-Origin Resource Sharing)

A browser security mechanism that controls which domains can make requests to a server. By default, browsers block cross-origin requests (same-origin policy). CORS headers like Access-Control-Allow-Origin let servers explicitly permit cross-origin access. Preflight OPTIONS requests check permissions before the actual request. CORS errors often result in opaque 0 status codes in JavaScript.