Cross-origin resource sharing (CORS) allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. CORS uses additional HTTP headers to allow a server to describe which origins are permitted to read that information using a web browser. Browsers restrict cross-origin HTTP requests initiated from scripts for security reasons. CORS provides a secure way to allow some cross-origin requests while disallowing others. Making CORS requests involves using the XMLHttpRequest or XDomainRequest objects and handling events like onload and onerror.