CORS Rules - What they are used for and how they are implemented in ServiceNowSummary CORS rules are used to manage cross-origin requests between a client side request trying to retrieve a resource deployed in a different origin than its own (domain, protocol, or port).CORS rules are not meant to filter incoming 3rdParty application requests, the requests will not be blocked by the CORS rules.Considering the ServiceNow CORS Rule implementation this is how they come into play: Assuming you have a web application deployed in the origin (domain) i.e. https://www.test-cors.org (origin A).The web application makes a client-side request (i.e. XMLHttpRequest) towards the ServiceNow API endpoint which is in a different origin (origin B).By defining a CORS Rule in ServiceNow (origin B) it is possible to define what HTTP methods will be allowed from origin A and what HTTP headers by the SN instance will be included in the response to a request coming from origin A.Based on the CORS Rules results, the web application browser (origin A) will be able to either allow or restrict the access to the requested resource in origin B, which is the ServiceNow REST API in this case. Related LinksCORS RulesDefine a CORS rule