WEAK CROSS DOMAIN POLICY
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the resource originated. The Access-Control-Allow-Origin header indicates whether a resource can be shared based on returning the value of the Origin request header, "*", or "null" in the response.
If a website responds with Access-Control-Allow-Origin: * the requested resource allows sharing with every origin. Therefore, any website can make XHR (XMLHTTPRequest) requests to your site and access the responses. It is not recommended to use the Access-Control-Allow-Origin: * header.
How to solve it
Apply a CORS policy that reduces the exposure to attacks.