# Cross-Origin Read Blocking
# And You Thought CORS Was The End
So, you followed the steps and made a `fetch` call to some API.
You now want to use the data you requested, but there is another set of rules about using what you requested. This next set is called CORB. It governs actually working with the content of the response.
Cross-origin read blocking, better known as CORB, is an algorithm which identifies dubious cross-origin resource fetches (e.g., fetches that would fail anyway like attempts to render JSON inside an img element) and blocks them before they reach a web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages.
Even without CORB, accessing the content of cross-origin resources with CORB-protected MIME types is either managed by the CORS protocol, not observable (e.g., in the case of pings or CSP reports, which ignore the response), or would result in an error (e.g., when failing to decode an HTML document embedded in an img element as an image). This means that CORB can block resources with CORB-protected MIME types without being disruptive to web pages.
# The Protected MIME Types
MIME stands for Multipurpose Internet Mail Extensions. A MIME type is another name for the value of the `Content-Type` header.
A CORB-protected MIME type is an HTML MIME type, a JSON MIME type, or an XML MIME type excluding `image/svg+xml`.
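The definition above can be turned into a check that a server owner runs over their own endpoints to see which responses fall under CORB. The following is an added example, not code from the original page or from any browser: it covers only the MIME-type classification (HTML, JSON and XML categories as the WHATWG MIME Sniffing standard defines them), not the rest of the CORB algorithm, and the function names, paths and sample responses are constructed for illustration.

```javascript
// Added example: classify Content-Type values as CORB-protected or not.

// Reduce "Application/JSON; charset=utf-8" to its essence "application/json".
// Returns null when the value is not a well-formed type/subtype pair.
function mimeEssence(contentType) {
  if (typeof contentType !== "string") return null;
  const essence = contentType.split(";")[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(essence) ? essence : null;
}

// Returns "html", "json", "xml", or null when the type is not CORB-protected.
function corbCategory(contentType) {
  const essence = mimeEssence(contentType);
  if (essence === null) return null;
  const subtype = essence.split("/")[1];
  if (essence === "text/html") return "html";
  if (essence === "application/json" || essence === "text/json" ||
      subtype.endsWith("+json")) return "json";
  // image/svg+xml is an XML MIME type, but it is explicitly excluded.
  if (essence === "image/svg+xml") return null;
  if (essence === "application/xml" || essence === "text/xml" ||
      subtype.endsWith("+xml")) return "xml";
  return null;
}

function isCorbProtected(contentType) {
  return corbCategory(contentType) !== null;
}

// Constructed sample: response headers gathered from a hypothetical site.
const SAMPLE_RESPONSES = [
  { path: "/account",     contentType: "Text/HTML; charset=UTF-8" },
  { path: "/api/profile", contentType: "application/json; charset=utf-8" },
  { path: "/api/graph",   contentType: "application/ld+json" },
  { path: "/api/feed",    contentType: "application/atom+xml" },
  { path: "/logo.svg",    contentType: "image/svg+xml" },
  { path: "/api/export",  contentType: "text/plain" }, // JSON body, wrong label
  { path: "/api/legacy",  contentType: "" },           // header missing
];

// Paths whose declared type does not fall under the definition above.
function unprotectedPaths(responses) {
  return responses
    .filter((r) => !isCorbProtected(r.contentType))
    .map((r) => r.path);
}

console.log(unprotectedPaths(SAMPLE_RESPONSES));
```

In the constructed sample, `/api/export` and `/api/legacy` return data under a type that is outside the definition, which is the case worth fixing by sending an accurate `Content-Type`; `/logo.svg` is outside it by design.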