Server-to-Server requests won't be blocked and your users can't exploit your API key. `Cross-Origin-Resource-Policy: same-site` does not consider a response delivered via a secure transport to match a non-secure requesting origin, even if their hosts are otherwise same site. "Cross-Origin request is blocked and it is used by some other resources" Then i download cors in project directory and put it in the server file index.js as below: To download simply type command using node.js : It is possible to request many of them directly using