XMLHttpRequest object is used. When the XHR2 object is available, the cross-domain restriction cq. security violation is no longer applicable. The prerequisite for using CORS is that the server has to allow incoming requests from other domains by using an
Access-Control-Allow-Origin header. Valid examples include:
Access-Control-Allow-Origin: http://example.org http://webpro.nl
a cross-domain request.