Nowdays is pretty common to transfer data between web applications via Web Services to clients that require information on different interfaces such as REST, XMLRPC, JSON, JSON-RPC, SOAP and others.
Lets imagine the following scenery: we have a frontend application using the domain http://a.com and this application wants to use data provided by a backend site located in domain http://b.com. For security this type of communication is blocked and the end user will be only able to get the information from http://a.com, this scenario is exemplified in the following image.
To enable this kind of communication is requiered that your backed server (http//b.com) returns the specific HTTP Headers to enable CORS comunication. Below you can see an example of HTTP Header required.
Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:X-CSRF-Token Access-Control-Allow-Methods:POST,ADD,GET,PUT,DELETE,OPTIONS Access-Control-Allow-Origin:http://localhost:8080
The header Access-Control-Allow-Credentials is only used if your request require some kind of authentication. You can read more information about all HTTP Headers at Access Controls - CORS.