Great explained. Thank you.
But, in this sentence "The whitelisted website is usually passed in the Access-Control-Allow-Origin request header, which will tell the server that it is okay to send and share its data to this website."
I believe you meant to say "Access-Control-Allow-Origin response header" instead of "Access-Control-Allow-Origin request header."