From the POV of API integrations it's basically annoyance. It doesn't prevent or discourage using an endpoint from scripts and applications except browsers, which voluntarily handle it and also don't give the end-user any control over it.

> You do realize it prevented countless script injection attacks from affecting users?

I do. We're talking about making software as secure as web browsers. I can begrudgingly accept that the World Wide Web is what it is because it is World Wide, but I don't want any of this bullshit to spill over to general-purpose personal computers. It's bad enough that we increasingly do most of our computing in the browsers.

> Also seems like your idea of integration is using someone else's server without permission.

Not server but software, and the very phrasing of it is... I don't know where to even begin addressing it.

I am not and am never gonna ask permission to use software for whatever purpose I want. That's, like, the basic philosophy of computing. Integrations - voluntary or not - are basically an extension of that. Adversarial interoperability is a sad necessity today, but we're not even talking about that - we're talking transplanting "browser security" like CORS to places and use cases where it would be mostly annoying, leaving users at the mercy of the software provider to kindly relax the security flag a bit.