We often receive inquiries about enabling CORS headers to allow any origin to access the Enrich Layer API. However, our policy is to deliberately block requests to the Enrich Layer API that are made from a browser client.
The reason for this is that it would require exposing the Enrich Layer API key on client-side, making it visible to all users. This would pose a significant security risk.
Instead, we recommend setting up a middleware. All client-side requests can then be routed through this middleware. This approach ensures that no API keys are exposed on the client-side, effectively preventing any potential leaks.