I tried to send a simple cross origin get request from live server to w3schools. Although this request works successfully and browser displays the homepage of w3schools. Since, it is a cross origin request which is working successfully, I expect the availability of Access-Control-Allow-Origin CORS http response header under network tab – response headers, sent in a response by w3schools’ server. But, I can’t find this access-control-allow-origin header under network tab of dev tools. Not just w3schools, but many websites do not send this header in response. Even if I try to send cross origin request to live server then the live server also does not send this access-control-allow-origin header in response. Although cross origin request to live server works successfully as cors is enabled by default in vs code live server. While a website called cryptocompare.com sends access-control-allow-origin: * in response to a cross origin request. Why such behavior is happening?