Websites have a variety of tracking codes, snippets, tags, and other bits of code on them that load stuff from other remote places on the internet. If you've used Tag Manager or the Facebook Pixel, you are loading external code on your website.
Loading anything on your website that is hosted somewhere else comes with risk. More specifically, it comes with some risk to your visitors. Imagine logging into the bank website where the login form wasn't actually the bank at all. What if that portion of the site was a malicious kid from the other side of the world?
One of the ways we tell our websites what servers, or origins, are allowed to serve content on our websites is called cross-origin resource sharing (CORS). When we add CORS to our web servers the browsers recognize these rules and they can more comfortably allow those origins to run on your website.