CORS vs CSP
CORS allows a site (data provider) to give permission to another site to read the data using the visitor’s browser and credentials. CSP allows a site to prevent itself (data consumer) from loading content from unexpected sources as a defense against XSS.