Even though the default request mode is "no-cors", standards are
highly discouraged from using it for new features. It is rather
same-origin you can perform requests only to your origin, otherwise the request will result in an error.
no-cors, you can perform requests to other origins, even if they don't set the required CORS headers, but you'll get an opaque response.
You can read more on MDN: https://developer.mozilla.org/en-US/docs/Web/API/Request/mode and https://developer.mozilla.org/en-US/docs/Web/API/Response/type.