CORS helps maintain data integrity between the API server and the client for the API request.
The idea behind using CORS is that the server and client should have enough information about each other so that they can authenticate each other, and transfer data over a secure channel using the HTTP header.
When a client makes an API call, it is either a GET or POST request, where the body is usually text/plain with headers called Origin--this includes protocol, domain name, and port with respect to the requesting page. When the server acknowledges the request, and sends the response along with the Access-Control-Allow-Origin header to the same Origin, it makes sure the response is received at the correct Origin.
In this way, resource sharing happens between Origins.
Almost all browsers now support CORS, which includes IE 8+, Firefox 3.5+, and Chrome...