CORS stands for which of the following?

Cross-origin resource sharing is a browser mechanism that lets a web page from one origin access resources from a different origin under controlled conditions. By default, browsers block cross-origin requests for security, and CORS provides a way for servers to opt in by sending specific HTTP headers. The key header is Access-Control-Allow-Origin, which tells the browser which origins are permitted. For more complex requests, the browser may first send a preflight OPTIONS request to check allowed methods and headers; the server responds with details like Access-Control-Allow-Methods, Access-Control-Allow-Headers, and sometimes Access-Control-Allow-Credentials. If the server authorizes the request, the browser proceeds; if not, the response is blocked. For example, a frontend running on https://example.com can fetch data from https://api.example.org if the API includes Access-Control-Allow-Origin: https://example.com. The other terms listed don’t match the standard acronym and don’t describe the mechanism.