I'm passing the Google recaptcha token in the Header, and CORS is giving an error.

has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What do I need to enable in CORS?