Isn't it arguably the opposite?

A CORS header in the response tells your browser to relax CORS restrictions.