The Access-Control-Allow-Origin Header Explained – With a CORS Example
javascript - CORS - No 'Access-Control-Allow-Origin' header is present - Stack Overflow
visualforce - Getting No 'Access-Control-Allow-Origin' header is present on the requested resource on site with an actionFunction - Salesforce Stack Exchange
Is Access-Control-Allow-Origin: * insecure? - Advanced Web Machinery
Cross-Origin Resource Sharing (CORS) and the Access-Control-Allow-Origin Header | Acunetix