The service sends an OPTIONS preflight request and a GET request with the header Origin: https://101ip.ru and analyses the CORS headers in the server response.
Access-Control-Allow-Origin — domains permitted to access (* — everyone);Access-Control-Allow-Methods — allowed HTTP methods (GET, POST, PUT, DELETE…);Access-Control-Allow-Headers — allowed request headers;Access-Control-Allow-Credentials — whether cookies and authorisation are permitted;Access-Control-Max-Age — preflight response cache time (seconds);Access-Control-Expose-Headers — headers accessible to client-side JS code.The value Access-Control-Allow-Origin: * forbids the use of Allow-Credentials: true. The browser will block such a response. For authenticated requests, a specific origin must be specified.