Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain "cross-domain" requests, notably Ajax requests, however, are forbidden by default by the same-origin security policy.
References:
1.) https://msdn.microsoft.com/en-us/magazine/dn532203.aspx
2.)https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#How_CORS_works
