How does 'CORS' improve website security? How does it work?

Resources to quickly get a decent understanding of cross-origin resource sharing (CORS).

Websites carry a variety of tracking codes, snippets, tags, and other bits of code that load resources from remote places on the internet. If you've used Tag Manager or the Facebook Pixel, you are loading external code on your website.

Loading anything on your website that is hosted somewhere else comes with risk. More specifically, it comes with some risk to your visitors. Imagine logging into a bank website where the login form wasn't actually served by the bank at all. What if that portion of the site was controlled by a malicious kid on the other side of the world?

One of the ways we tell our websites what servers, or origins, are allowed to serve content on our websites is called cross-origin resource sharing (CORS). When we add CORS rules to our web servers, browsers recognize these rules and can more comfortably allow those origins to run on our website.
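In practice the rules are HTTP response headers: the browser sends an Origin header, the server answers with Access-Control-Allow-Origin only for origins it trusts, and the browser refuses to hand the response to any other page. The sketch below is an added example, not code from any product mentioned here; the allow-list origins, the corsHeaders function and the sample requests are constructed for illustration.

```javascript
// Added example: server-side CORS decision with a constructed allow-list.
// The origins below are hypothetical placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Returns the CORS response headers for one request. An untrusted origin
// gets only `Vary`, so the browser blocks the calling page from reading it.
function corsHeaders(method, reqHeaders) {
  const denied = { Vary: "Origin" }; // caches must key on Origin
  const origin = reqHeaders["origin"];
  // Exact string match only: no substring or regex tests, no "null", no "*".
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return denied;

  const headers = {
    Vary: "Origin",
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
  // Preflight: the browser asks permission before a non-simple request.
  const wantMethod = reqHeaders["access-control-request-method"];
  if (method === "OPTIONS" && wantMethod) {
    if (!ALLOWED_METHODS.includes(wantMethod)) return denied;
    const wantHeaders = (reqHeaders["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!wantHeaders.every((h) => ALLOWED_HEADERS.includes(h))) return denied;
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample requests (not captured traffic).
const samples = [
  ["GET", { origin: "https://app.example.com" }],
  ["GET", { origin: "https://app.example.com.evil.test" }], // lookalike suffix
  ["GET", { origin: "null" }], // sandboxed iframes and file:// pages
  ["OPTIONS", { origin: "https://admin.example.com",
                "access-control-request-method": "DELETE" }],
];
for (const [method, h] of samples) {
  console.log(method, h.origin, "->", JSON.stringify(corsHeaders(method, h)));
}
```

Only the first sample receives Access-Control-Allow-Origin; the lookalike origin, the "null" origin and the DELETE preflight all get a response the browser will not expose to the requesting page.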

What is ‘CORS’? What is it used for?
One of the first features I worked on at my job as a software engineer was to provide support for CORS requests in our product, the Zenko…
Cross-origin resource sharing - Wikipedia