The same-origin policy


The same-origin policy is a security mechanism of web browsers. Browsers expose a few different APIs for making HTTP requests from client-side JavaScript code; both the Fetch API and XMLHttpRequest are subject to the same-origin policy, which blocks them from reading resources from a different origin. CORS (Cross-Origin Resource Sharing) is a mechanism, implemented with HTTP headers, that can be used to loosen the same-origin policy. Before making the actual cross-origin request of interest, the browser may first send an additional OPTIONS request to the server to determine whether the server permits a CORS response to the requesting origin. This additional OPTIONS request is called a preflight request. It should be noted that CORS is not a security feature: it relaxes security.

Origin


An origin is a tuple of a scheme, host, and port. In the URL https://example.com:30000, the scheme is https, the host is example.com, and the port is 30000. If all three components of two URLs are identical, the two URLs have the same origin, and a request from one to the other is not considered a cross-origin request.
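The following is an added example, not code from the original page: it builds the (scheme, host, port) tuple described above with the standard URL API, compares two URLs for same-origin-ness, and, going a step beyond the text, classifies a cross-origin fetch as preflighted or not using the CORS "simple request" rules (GET/HEAD/POST with only safelisted headers). The `DEFAULT_PORTS`, `originTuple`, `isSameOrigin` and `classifyRequest` names are my own.

```javascript
// Added example: compute a URL's origin tuple and apply the same-origin policy's
// comparison, then decide whether a cross-origin fetch would be preflighted.
// Runs in Node or a browser; only the standard URL API is used.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

function originTuple(url) {
  const u = new URL(url);
  // URL.port is "" when the port is the scheme default, so fill it in:
  // https://example.com and https://example.com:443 are one origin.
  const port = u.port !== "" ? u.port : (DEFAULT_PORTS[u.protocol] ?? "");
  return { scheme: u.protocol.replace(/:$/, ""), host: u.hostname, port };
}

// Same origin means scheme, host and port all match (path and query are ignored).
function isSameOrigin(a, b) {
  const x = originTuple(a), y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// CORS "simple request" rules from the Fetch standard: no preflight OPTIONS is
// sent when the method and the request headers are all safelisted.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Would a fetch from `from` to `to` be cross-origin, and if so, preflighted?
function classifyRequest(from, to, { method = "GET", headers = {} } = {}) {
  if (isSameOrigin(from, to)) return { crossOrigin: false, preflight: false };
  let simple = SAFE_METHODS.has(method.toUpperCase());
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) simple = false;
    // Content-Type is safelisted only for three media types (parameters ignored).
    if (n === "content-type" && !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase())) simple = false;
  }
  return { crossOrigin: true, preflight: !simple };
}
```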