Cross-Origin Resource Sharing
CORS is a browser mechanism that lets a server declare which other websites may read its responses, relaxing the same-origin policy in a controlled way. Developers configure it with response headers like Access-Control-Allow-Origin during implementation. Misconfigured CORS, such as reflecting any origin with credentials allowed, can let malicious sites read sensitive data from a victim's session.