Glossary

CORS (Cross-Origin Resource Sharing)

A browser security mechanism that controls which origins can access an API's resources. An overly permissive CORS configuration (Access-Control-Allow-Origin: *) on authenticated endpoints can expose sensitive data. CORS policy review is part of every application security audit.
