CORS stands for Cross-Origin Resource Sharing and is essentially security for your web client. In S3 www.example.com and info.example.com would be considered different origins while www.example.com/data and www.example.com/users would be the same origin. CORS allows for two origins to share resources. Let’s say you access a site in origin 1, your client connects and the page needs to load an asset from origin 2. Unless CORS is enabled on origin 2 this request will not be able to be made. You enable CORS on the bucket that will be sharing objects with buckets cross-origin. In short CORS is a web-browser based security measure that allows cross-origin requests while connected to one origin.